Diffstat (limited to 'test/core/security')
-rw-r--r-- | test/core/security/auth_context_test.c | 190 | ||||
-rw-r--r-- | test/core/security/base64_test.c | 285 | ||||
-rw-r--r-- | test/core/security/create_jwt.c | 103 | ||||
-rw-r--r-- | test/core/security/credentials_test.c | 1452 | ||||
-rw-r--r-- | test/core/security/fetch_oauth2.c | 113 | ||||
-rw-r--r-- | test/core/security/json_token_test.c | 683 | ||||
-rw-r--r-- | test/core/security/jwt_verifier_test.c | 751 | ||||
-rw-r--r-- | test/core/security/oauth2_utils.c | 76 | ||||
-rw-r--r-- | test/core/security/oauth2_utils.h | 7 | ||||
-rw-r--r-- | test/core/security/print_google_default_creds_token.c | 94 | ||||
-rw-r--r-- | test/core/security/secure_endpoint_test.c | 229 | ||||
-rw-r--r-- | test/core/security/security_connector_test.c | 310 | ||||
-rw-r--r-- | test/core/security/verify_jwt.c | 108 |
13 files changed, 2091 insertions, 2310 deletions
diff --git a/test/core/security/auth_context_test.c b/test/core/security/auth_context_test.c
index d091c7e7e6..9b58b3533a 100644
--- a/test/core/security/auth_context_test.c
+++ b/test/core/security/auth_context_test.c
@@ -39,115 +39,113 @@ #include <grpc/support/log.h> -static void test_empty_context(void) { - grpc_auth_context *ctx = grpc_auth_context_create(NULL); +static void +test_empty_context (void) +{ + grpc_auth_context *ctx = grpc_auth_context_create (NULL); grpc_auth_property_iterator it; - gpr_log(GPR_INFO, "test_empty_context"); - GPR_ASSERT(ctx != NULL); - GPR_ASSERT(grpc_auth_context_peer_identity_property_name(ctx) == NULL); - it = grpc_auth_context_peer_identity(ctx); - GPR_ASSERT(grpc_auth_property_iterator_next(&it) == NULL); - it = grpc_auth_context_property_iterator(ctx); - GPR_ASSERT(grpc_auth_property_iterator_next(&it) == NULL); - it = grpc_auth_context_find_properties_by_name(ctx, "foo"); - GPR_ASSERT(grpc_auth_property_iterator_next(&it) == NULL); - GPR_ASSERT(grpc_auth_context_set_peer_identity_property_name(ctx, "bar") == - 0); - GPR_ASSERT(grpc_auth_context_peer_identity_property_name(ctx) == NULL); - GRPC_AUTH_CONTEXT_UNREF(ctx, "test"); + gpr_log (GPR_INFO, "test_empty_context"); + GPR_ASSERT (ctx != NULL); + GPR_ASSERT (grpc_auth_context_peer_identity_property_name (ctx) == NULL); + it = grpc_auth_context_peer_identity (ctx); + GPR_ASSERT (grpc_auth_property_iterator_next (&it) == NULL); + it = grpc_auth_context_property_iterator (ctx); + GPR_ASSERT (grpc_auth_property_iterator_next (&it) == NULL); + it = grpc_auth_context_find_properties_by_name (ctx, "foo"); + GPR_ASSERT (grpc_auth_property_iterator_next (&it) == NULL); + GPR_ASSERT (grpc_auth_context_set_peer_identity_property_name (ctx, "bar") == 0); + GPR_ASSERT (grpc_auth_context_peer_identity_property_name (ctx) == NULL); + GRPC_AUTH_CONTEXT_UNREF (ctx, "test"); } -static void test_simple_context(void) { - grpc_auth_context *ctx = grpc_auth_context_create(NULL); +static void +test_simple_context (void) +{ + grpc_auth_context *ctx = grpc_auth_context_create (NULL); grpc_auth_property_iterator it; size_t i; - gpr_log(GPR_INFO, "test_simple_context"); - GPR_ASSERT(ctx != NULL); - 
grpc_auth_context_add_cstring_property(ctx, "name", "chapi"); - grpc_auth_context_add_cstring_property(ctx, "name", "chapo"); - grpc_auth_context_add_cstring_property(ctx, "foo", "bar"); - GPR_ASSERT(ctx->properties.count == 3); - GPR_ASSERT(grpc_auth_context_set_peer_identity_property_name(ctx, "name") == - 1); - - GPR_ASSERT( - strcmp(grpc_auth_context_peer_identity_property_name(ctx), "name") == 0); - it = grpc_auth_context_property_iterator(ctx); - for (i = 0; i < ctx->properties.count; i++) { - const grpc_auth_property *p = grpc_auth_property_iterator_next(&it); - GPR_ASSERT(p == &ctx->properties.array[i]); - } - GPR_ASSERT(grpc_auth_property_iterator_next(&it) == NULL); - - it = grpc_auth_context_find_properties_by_name(ctx, "foo"); - GPR_ASSERT(grpc_auth_property_iterator_next(&it) == - &ctx->properties.array[2]); - GPR_ASSERT(grpc_auth_property_iterator_next(&it) == NULL); - - it = grpc_auth_context_peer_identity(ctx); - GPR_ASSERT(grpc_auth_property_iterator_next(&it) == - &ctx->properties.array[0]); - GPR_ASSERT(grpc_auth_property_iterator_next(&it) == - &ctx->properties.array[1]); - GPR_ASSERT(grpc_auth_property_iterator_next(&it) == NULL); - - GRPC_AUTH_CONTEXT_UNREF(ctx, "test"); + gpr_log (GPR_INFO, "test_simple_context"); + GPR_ASSERT (ctx != NULL); + grpc_auth_context_add_cstring_property (ctx, "name", "chapi"); + grpc_auth_context_add_cstring_property (ctx, "name", "chapo"); + grpc_auth_context_add_cstring_property (ctx, "foo", "bar"); + GPR_ASSERT (ctx->properties.count == 3); + GPR_ASSERT (grpc_auth_context_set_peer_identity_property_name (ctx, "name") == 1); + + GPR_ASSERT (strcmp (grpc_auth_context_peer_identity_property_name (ctx), "name") == 0); + it = grpc_auth_context_property_iterator (ctx); + for (i = 0; i < ctx->properties.count; i++) + { + const grpc_auth_property *p = grpc_auth_property_iterator_next (&it); + GPR_ASSERT (p == &ctx->properties.array[i]); + } + GPR_ASSERT (grpc_auth_property_iterator_next (&it) == NULL); + + it = 
grpc_auth_context_find_properties_by_name (ctx, "foo"); + GPR_ASSERT (grpc_auth_property_iterator_next (&it) == &ctx->properties.array[2]); + GPR_ASSERT (grpc_auth_property_iterator_next (&it) == NULL); + + it = grpc_auth_context_peer_identity (ctx); + GPR_ASSERT (grpc_auth_property_iterator_next (&it) == &ctx->properties.array[0]); + GPR_ASSERT (grpc_auth_property_iterator_next (&it) == &ctx->properties.array[1]); + GPR_ASSERT (grpc_auth_property_iterator_next (&it) == NULL); + + GRPC_AUTH_CONTEXT_UNREF (ctx, "test"); } -static void test_chained_context(void) { - grpc_auth_context *chained = grpc_auth_context_create(NULL); - grpc_auth_context *ctx = grpc_auth_context_create(chained); +static void +test_chained_context (void) +{ + grpc_auth_context *chained = grpc_auth_context_create (NULL); + grpc_auth_context *ctx = grpc_auth_context_create (chained); grpc_auth_property_iterator it; size_t i; - gpr_log(GPR_INFO, "test_chained_context"); - GRPC_AUTH_CONTEXT_UNREF(chained, "chained"); - grpc_auth_context_add_cstring_property(chained, "name", "padapo"); - grpc_auth_context_add_cstring_property(chained, "foo", "baz"); - grpc_auth_context_add_cstring_property(ctx, "name", "chapi"); - grpc_auth_context_add_cstring_property(ctx, "name", "chap0"); - grpc_auth_context_add_cstring_property(ctx, "foo", "bar"); - GPR_ASSERT(grpc_auth_context_set_peer_identity_property_name(ctx, "name") == - 1); - - GPR_ASSERT( - strcmp(grpc_auth_context_peer_identity_property_name(ctx), "name") == 0); - it = grpc_auth_context_property_iterator(ctx); - for (i = 0; i < ctx->properties.count; i++) { - const grpc_auth_property *p = grpc_auth_property_iterator_next(&it); - GPR_ASSERT(p == &ctx->properties.array[i]); - } - for (i = 0; i < chained->properties.count; i++) { - const grpc_auth_property *p = grpc_auth_property_iterator_next(&it); - GPR_ASSERT(p == &chained->properties.array[i]); - } - GPR_ASSERT(grpc_auth_property_iterator_next(&it) == NULL); - - it = 
grpc_auth_context_find_properties_by_name(ctx, "foo"); - GPR_ASSERT(grpc_auth_property_iterator_next(&it) == - &ctx->properties.array[2]); - GPR_ASSERT(grpc_auth_property_iterator_next(&it) == - &chained->properties.array[1]); - GPR_ASSERT(grpc_auth_property_iterator_next(&it) == NULL); - - it = grpc_auth_context_peer_identity(ctx); - GPR_ASSERT(grpc_auth_property_iterator_next(&it) == - &ctx->properties.array[0]); - GPR_ASSERT(grpc_auth_property_iterator_next(&it) == - &ctx->properties.array[1]); - GPR_ASSERT(grpc_auth_property_iterator_next(&it) == - &chained->properties.array[0]); - GPR_ASSERT(grpc_auth_property_iterator_next(&it) == NULL); - - GRPC_AUTH_CONTEXT_UNREF(ctx, "test"); + gpr_log (GPR_INFO, "test_chained_context"); + GRPC_AUTH_CONTEXT_UNREF (chained, "chained"); + grpc_auth_context_add_cstring_property (chained, "name", "padapo"); + grpc_auth_context_add_cstring_property (chained, "foo", "baz"); + grpc_auth_context_add_cstring_property (ctx, "name", "chapi"); + grpc_auth_context_add_cstring_property (ctx, "name", "chap0"); + grpc_auth_context_add_cstring_property (ctx, "foo", "bar"); + GPR_ASSERT (grpc_auth_context_set_peer_identity_property_name (ctx, "name") == 1); + + GPR_ASSERT (strcmp (grpc_auth_context_peer_identity_property_name (ctx), "name") == 0); + it = grpc_auth_context_property_iterator (ctx); + for (i = 0; i < ctx->properties.count; i++) + { + const grpc_auth_property *p = grpc_auth_property_iterator_next (&it); + GPR_ASSERT (p == &ctx->properties.array[i]); + } + for (i = 0; i < chained->properties.count; i++) + { + const grpc_auth_property *p = grpc_auth_property_iterator_next (&it); + GPR_ASSERT (p == &chained->properties.array[i]); + } + GPR_ASSERT (grpc_auth_property_iterator_next (&it) == NULL); + + it = grpc_auth_context_find_properties_by_name (ctx, "foo"); + GPR_ASSERT (grpc_auth_property_iterator_next (&it) == &ctx->properties.array[2]); + GPR_ASSERT (grpc_auth_property_iterator_next (&it) == &chained->properties.array[1]); + 
GPR_ASSERT (grpc_auth_property_iterator_next (&it) == NULL); + + it = grpc_auth_context_peer_identity (ctx); + GPR_ASSERT (grpc_auth_property_iterator_next (&it) == &ctx->properties.array[0]); + GPR_ASSERT (grpc_auth_property_iterator_next (&it) == &ctx->properties.array[1]); + GPR_ASSERT (grpc_auth_property_iterator_next (&it) == &chained->properties.array[0]); + GPR_ASSERT (grpc_auth_property_iterator_next (&it) == NULL); + + GRPC_AUTH_CONTEXT_UNREF (ctx, "test"); } -int main(int argc, char **argv) { - grpc_test_init(argc, argv); - test_empty_context(); - test_simple_context(); - test_chained_context(); +int +main (int argc, char **argv) +{ + grpc_test_init (argc, argv); + test_empty_context (); + test_simple_context (); + test_chained_context (); return 0; } diff --git a/test/core/security/base64_test.c b/test/core/security/base64_test.c index 6d49b6d1a1..a8471c69e3 100644 --- a/test/core/security/base64_test.c +++ b/test/core/security/base64_test.c 
@@ -40,184 +40,215 @@ #include <grpc/support/slice.h> #include "test/core/util/test_config.h" -static int buffers_are_equal(const unsigned char *buf1, - const unsigned char *buf2, size_t size) { +static int +buffers_are_equal (const unsigned char *buf1, const unsigned char *buf2, size_t size) +{ size_t i; - for (i = 0; i < size; i++) { - if (buf1[i] != buf2[i]) { - gpr_log(GPR_ERROR, "buf1 and buf2 differ: buf1[%d] = %x vs buf2[%d] = %x", - (int)i, buf1[i], (int)i, buf2[i]); - return 0; + for (i = 0; i < size; i++) + { + if (buf1[i] != buf2[i]) + { + gpr_log (GPR_ERROR, "buf1 and buf2 differ: buf1[%d] = %x vs buf2[%d] = %x", (int) i, buf1[i], (int) i, buf2[i]); + return 0; + } } - } return 1; } -static void test_simple_encode_decode_b64(int url_safe, int multiline) { + +static void +test_simple_encode_decode_b64 (int url_safe, int multiline) +{ const char *hello = "hello"; - char *hello_b64 = - grpc_base64_encode(hello, strlen(hello), url_safe, multiline); - gpr_slice hello_slice = grpc_base64_decode(hello_b64, url_safe); - GPR_ASSERT(GPR_SLICE_LENGTH(hello_slice) == strlen(hello)); - GPR_ASSERT(strncmp((const char *)GPR_SLICE_START_PTR(hello_slice), hello, - GPR_SLICE_LENGTH(hello_slice)) == 0); - - gpr_slice_unref(hello_slice); - gpr_free(hello_b64); + char *hello_b64 = grpc_base64_encode (hello, strlen (hello), url_safe, multiline); + gpr_slice hello_slice = grpc_base64_decode (hello_b64, url_safe); + GPR_ASSERT (GPR_SLICE_LENGTH (hello_slice) == strlen (hello)); + GPR_ASSERT (strncmp ((const char *) GPR_SLICE_START_PTR (hello_slice), hello, GPR_SLICE_LENGTH (hello_slice)) == 0); + + gpr_slice_unref (hello_slice); + gpr_free (hello_b64); } -static void test_full_range_encode_decode_b64(int url_safe, int multiline) { +static void +test_full_range_encode_decode_b64 (int url_safe, int multiline) +{ unsigned char orig[256]; size_t i; char *b64; gpr_slice orig_decoded; - for (i = 0; i < sizeof(orig); i++) orig[i] = (gpr_uint8)i; + for (i = 0; i < sizeof (orig); i++) 
+ orig[i] = (gpr_uint8) i; /* Try all the different paddings. */ - for (i = 0; i < 3; i++) { - b64 = grpc_base64_encode(orig, sizeof(orig) - i, url_safe, multiline); - orig_decoded = grpc_base64_decode(b64, url_safe); - GPR_ASSERT(GPR_SLICE_LENGTH(orig_decoded) == (sizeof(orig) - i)); - GPR_ASSERT(buffers_are_equal(orig, GPR_SLICE_START_PTR(orig_decoded), - sizeof(orig) - i)); - gpr_slice_unref(orig_decoded); - gpr_free(b64); - } + for (i = 0; i < 3; i++) + { + b64 = grpc_base64_encode (orig, sizeof (orig) - i, url_safe, multiline); + orig_decoded = grpc_base64_decode (b64, url_safe); + GPR_ASSERT (GPR_SLICE_LENGTH (orig_decoded) == (sizeof (orig) - i)); + GPR_ASSERT (buffers_are_equal (orig, GPR_SLICE_START_PTR (orig_decoded), sizeof (orig) - i)); + gpr_slice_unref (orig_decoded); + gpr_free (b64); + } } -static void test_simple_encode_decode_b64_no_multiline(void) { - test_simple_encode_decode_b64(0, 0); +static void +test_simple_encode_decode_b64_no_multiline (void) +{ + test_simple_encode_decode_b64 (0, 0); } -static void test_simple_encode_decode_b64_multiline(void) { - test_simple_encode_decode_b64(0, 1); +static void +test_simple_encode_decode_b64_multiline (void) +{ + test_simple_encode_decode_b64 (0, 1); } -static void test_simple_encode_decode_b64_urlsafe_no_multiline(void) { - test_simple_encode_decode_b64(1, 0); +static void +test_simple_encode_decode_b64_urlsafe_no_multiline (void) +{ + test_simple_encode_decode_b64 (1, 0); } -static void test_simple_encode_decode_b64_urlsafe_multiline(void) { - test_simple_encode_decode_b64(1, 1); +static void +test_simple_encode_decode_b64_urlsafe_multiline (void) +{ + test_simple_encode_decode_b64 (1, 1); } -static void test_full_range_encode_decode_b64_no_multiline(void) { - test_full_range_encode_decode_b64(0, 0); +static void +test_full_range_encode_decode_b64_no_multiline (void) +{ + test_full_range_encode_decode_b64 (0, 0); } -static void test_full_range_encode_decode_b64_multiline(void) { - 
test_full_range_encode_decode_b64(0, 1); +static void +test_full_range_encode_decode_b64_multiline (void) +{ + test_full_range_encode_decode_b64 (0, 1); } -static void test_full_range_encode_decode_b64_urlsafe_no_multiline(void) { - test_full_range_encode_decode_b64(1, 0); +static void +test_full_range_encode_decode_b64_urlsafe_no_multiline (void) +{ + test_full_range_encode_decode_b64 (1, 0); } -static void test_full_range_encode_decode_b64_urlsafe_multiline(void) { - test_full_range_encode_decode_b64(1, 1); +static void +test_full_range_encode_decode_b64_urlsafe_multiline (void) +{ + test_full_range_encode_decode_b64 (1, 1); } -static void test_url_safe_unsafe_mismtach_failure(void) { +static void +test_url_safe_unsafe_mismtach_failure (void) +{ unsigned char orig[256]; size_t i; char *b64; gpr_slice orig_decoded; int url_safe = 1; - for (i = 0; i < sizeof(orig); i++) orig[i] = (gpr_uint8)i; - - b64 = grpc_base64_encode(orig, sizeof(orig), url_safe, 0); - orig_decoded = grpc_base64_decode(b64, !url_safe); - GPR_ASSERT(GPR_SLICE_IS_EMPTY(orig_decoded)); - gpr_free(b64); - gpr_slice_unref(orig_decoded); - - b64 = grpc_base64_encode(orig, sizeof(orig), !url_safe, 0); - orig_decoded = grpc_base64_decode(b64, url_safe); - GPR_ASSERT(GPR_SLICE_IS_EMPTY(orig_decoded)); - gpr_free(b64); - gpr_slice_unref(orig_decoded); + for (i = 0; i < sizeof (orig); i++) + orig[i] = (gpr_uint8) i; + + b64 = grpc_base64_encode (orig, sizeof (orig), url_safe, 0); + orig_decoded = grpc_base64_decode (b64, !url_safe); + GPR_ASSERT (GPR_SLICE_IS_EMPTY (orig_decoded)); + gpr_free (b64); + gpr_slice_unref (orig_decoded); + + b64 = grpc_base64_encode (orig, sizeof (orig), !url_safe, 0); + orig_decoded = grpc_base64_decode (b64, url_safe); + GPR_ASSERT (GPR_SLICE_IS_EMPTY (orig_decoded)); + gpr_free (b64); + gpr_slice_unref (orig_decoded); } -static void test_rfc4648_test_vectors(void) { +static void +test_rfc4648_test_vectors (void) +{ char *b64; - b64 = grpc_base64_encode("", 0, 0, 0); - 
GPR_ASSERT(strcmp("", b64) == 0); - gpr_free(b64); + b64 = grpc_base64_encode ("", 0, 0, 0); + GPR_ASSERT (strcmp ("", b64) == 0); + gpr_free (b64); - b64 = grpc_base64_encode("f", 1, 0, 0); - GPR_ASSERT(strcmp("Zg==", b64) == 0); - gpr_free(b64); + b64 = grpc_base64_encode ("f", 1, 0, 0); + GPR_ASSERT (strcmp ("Zg==", b64) == 0); + gpr_free (b64); - b64 = grpc_base64_encode("fo", 2, 0, 0); - GPR_ASSERT(strcmp("Zm8=", b64) == 0); - gpr_free(b64); + b64 = grpc_base64_encode ("fo", 2, 0, 0); + GPR_ASSERT (strcmp ("Zm8=", b64) == 0); + gpr_free (b64); - b64 = grpc_base64_encode("foo", 3, 0, 0); - GPR_ASSERT(strcmp("Zm9v", b64) == 0); - gpr_free(b64); + b64 = grpc_base64_encode ("foo", 3, 0, 0); + GPR_ASSERT (strcmp ("Zm9v", b64) == 0); + gpr_free (b64); - b64 = grpc_base64_encode("foob", 4, 0, 0); - GPR_ASSERT(strcmp("Zm9vYg==", b64) == 0); - gpr_free(b64); + b64 = grpc_base64_encode ("foob", 4, 0, 0); + GPR_ASSERT (strcmp ("Zm9vYg==", b64) == 0); + gpr_free (b64); - b64 = grpc_base64_encode("fooba", 5, 0, 0); - GPR_ASSERT(strcmp("Zm9vYmE=", b64) == 0); - gpr_free(b64); + b64 = grpc_base64_encode ("fooba", 5, 0, 0); + GPR_ASSERT (strcmp ("Zm9vYmE=", b64) == 0); + gpr_free (b64); - b64 = grpc_base64_encode("foobar", 6, 0, 0); - GPR_ASSERT(strcmp("Zm9vYmFy", b64) == 0); - gpr_free(b64); + b64 = grpc_base64_encode ("foobar", 6, 0, 0); + GPR_ASSERT (strcmp ("Zm9vYmFy", b64) == 0); + gpr_free (b64); } -static void test_unpadded_decode(void) { +static void +test_unpadded_decode (void) +{ gpr_slice decoded; - decoded = grpc_base64_decode("Zm9vYmFy", 0); - GPR_ASSERT(!GPR_SLICE_IS_EMPTY(decoded)); - GPR_ASSERT(gpr_slice_str_cmp(decoded, "foobar") == 0); - gpr_slice_unref(decoded); - - decoded = grpc_base64_decode("Zm9vYmE", 0); - GPR_ASSERT(!GPR_SLICE_IS_EMPTY(decoded)); - GPR_ASSERT(gpr_slice_str_cmp(decoded, "fooba") == 0); - gpr_slice_unref(decoded); - - decoded = grpc_base64_decode("Zm9vYg", 0); - GPR_ASSERT(!GPR_SLICE_IS_EMPTY(decoded)); - 
GPR_ASSERT(gpr_slice_str_cmp(decoded, "foob") == 0); - gpr_slice_unref(decoded); - - decoded = grpc_base64_decode("Zm9v", 0); - GPR_ASSERT(!GPR_SLICE_IS_EMPTY(decoded)); - GPR_ASSERT(gpr_slice_str_cmp(decoded, "foo") == 0); - gpr_slice_unref(decoded); - - decoded = grpc_base64_decode("Zm8", 0); - GPR_ASSERT(!GPR_SLICE_IS_EMPTY(decoded)); - GPR_ASSERT(gpr_slice_str_cmp(decoded, "fo") == 0); - gpr_slice_unref(decoded); - - decoded = grpc_base64_decode("Zg", 0); - GPR_ASSERT(!GPR_SLICE_IS_EMPTY(decoded)); - GPR_ASSERT(gpr_slice_str_cmp(decoded, "f") == 0); - gpr_slice_unref(decoded); - - decoded = grpc_base64_decode("", 0); - GPR_ASSERT(GPR_SLICE_IS_EMPTY(decoded)); + decoded = grpc_base64_decode ("Zm9vYmFy", 0); + GPR_ASSERT (!GPR_SLICE_IS_EMPTY (decoded)); + GPR_ASSERT (gpr_slice_str_cmp (decoded, "foobar") == 0); + gpr_slice_unref (decoded); + + decoded = grpc_base64_decode ("Zm9vYmE", 0); + GPR_ASSERT (!GPR_SLICE_IS_EMPTY (decoded)); + GPR_ASSERT (gpr_slice_str_cmp (decoded, "fooba") == 0); + gpr_slice_unref (decoded); + + decoded = grpc_base64_decode ("Zm9vYg", 0); + GPR_ASSERT (!GPR_SLICE_IS_EMPTY (decoded)); + GPR_ASSERT (gpr_slice_str_cmp (decoded, "foob") == 0); + gpr_slice_unref (decoded); + + decoded = grpc_base64_decode ("Zm9v", 0); + GPR_ASSERT (!GPR_SLICE_IS_EMPTY (decoded)); + GPR_ASSERT (gpr_slice_str_cmp (decoded, "foo") == 0); + gpr_slice_unref (decoded); + + decoded = grpc_base64_decode ("Zm8", 0); + GPR_ASSERT (!GPR_SLICE_IS_EMPTY (decoded)); + GPR_ASSERT (gpr_slice_str_cmp (decoded, "fo") == 0); + gpr_slice_unref (decoded); + + decoded = grpc_base64_decode ("Zg", 0); + GPR_ASSERT (!GPR_SLICE_IS_EMPTY (decoded)); + GPR_ASSERT (gpr_slice_str_cmp (decoded, "f") == 0); + gpr_slice_unref (decoded); + + decoded = grpc_base64_decode ("", 0); + GPR_ASSERT (GPR_SLICE_IS_EMPTY (decoded)); } -int main(int argc, char **argv) { - grpc_test_init(argc, argv); - test_simple_encode_decode_b64_no_multiline(); - test_simple_encode_decode_b64_multiline(); - 
test_simple_encode_decode_b64_urlsafe_no_multiline(); - test_simple_encode_decode_b64_urlsafe_multiline(); - test_full_range_encode_decode_b64_no_multiline(); - test_full_range_encode_decode_b64_multiline(); - test_full_range_encode_decode_b64_urlsafe_no_multiline(); - test_full_range_encode_decode_b64_urlsafe_multiline(); - test_url_safe_unsafe_mismtach_failure(); - test_rfc4648_test_vectors(); - test_unpadded_decode(); +int +main (int argc, char **argv) +{ + grpc_test_init (argc, argv); + test_simple_encode_decode_b64_no_multiline (); + test_simple_encode_decode_b64_multiline (); + test_simple_encode_decode_b64_urlsafe_no_multiline (); + test_simple_encode_decode_b64_urlsafe_multiline (); + test_full_range_encode_decode_b64_no_multiline (); + test_full_range_encode_decode_b64_multiline (); + test_full_range_encode_decode_b64_urlsafe_no_multiline (); + test_full_range_encode_decode_b64_urlsafe_multiline (); + test_url_safe_unsafe_mismtach_failure (); + test_rfc4648_test_vectors (); + test_unpadded_decode (); return 0; } diff --git a/test/core/security/create_jwt.c b/test/core/security/create_jwt.c index b02469fb35..47cc26cefa 100644 --- a/test/core/security/create_jwt.c +++ b/test/core/security/create_jwt.c 
@@ -43,68 +43,69 @@ #include <grpc/support/log.h> #include <grpc/support/slice.h> -void create_jwt(const char *json_key_file_path, const char *service_url, - const char *scope) { +void +create_jwt (const char *json_key_file_path, const char *service_url, const char *scope) +{ grpc_auth_json_key key; int ok = 0; char *jwt; - gpr_slice json_key_data = gpr_load_file(json_key_file_path, 1, &ok); - if (!ok) { - fprintf(stderr, "Could not read %s.\n", json_key_file_path); - exit(1); - } - key = grpc_auth_json_key_create_from_string( - (const char *)GPR_SLICE_START_PTR(json_key_data)); - gpr_slice_unref(json_key_data); - if (!grpc_auth_json_key_is_valid(&key)) { - fprintf(stderr, "Could not parse json key.\n"); - exit(1); - } - jwt = grpc_jwt_encode_and_sign( - &key, service_url == NULL ? GRPC_JWT_OAUTH2_AUDIENCE : service_url, - grpc_max_auth_token_lifetime, scope); - grpc_auth_json_key_destruct(&key); - if (jwt == NULL) { - fprintf(stderr, "Could not create JWT.\n"); - exit(1); - } - fprintf(stdout, "%s\n", jwt); - gpr_free(jwt); + gpr_slice json_key_data = gpr_load_file (json_key_file_path, 1, &ok); + if (!ok) + { + fprintf (stderr, "Could not read %s.\n", json_key_file_path); + exit (1); + } + key = grpc_auth_json_key_create_from_string ((const char *) GPR_SLICE_START_PTR (json_key_data)); + gpr_slice_unref (json_key_data); + if (!grpc_auth_json_key_is_valid (&key)) + { + fprintf (stderr, "Could not parse json key.\n"); + exit (1); + } + jwt = grpc_jwt_encode_and_sign (&key, service_url == NULL ? 
GRPC_JWT_OAUTH2_AUDIENCE : service_url, grpc_max_auth_token_lifetime, scope); + grpc_auth_json_key_destruct (&key); + if (jwt == NULL) + { + fprintf (stderr, "Could not create JWT.\n"); + exit (1); + } + fprintf (stdout, "%s\n", jwt); + gpr_free (jwt); } -int main(int argc, char **argv) { +int +main (int argc, char **argv) +{ char *scope = NULL; char *json_key_file_path = NULL; char *service_url = NULL; - gpr_cmdline *cl = gpr_cmdline_create("create_jwt"); - gpr_cmdline_add_string(cl, "json_key", "File path of the json key.", - &json_key_file_path); - gpr_cmdline_add_string(cl, "scope", - "OPTIONAL Space delimited permissions. Mutually " - "exclusive with service_url", - &scope); - gpr_cmdline_add_string(cl, "service_url", - "OPTIONAL service URL. Mutually exclusive with scope.", - &service_url); - gpr_cmdline_parse(cl, argc, argv); + gpr_cmdline *cl = gpr_cmdline_create ("create_jwt"); + gpr_cmdline_add_string (cl, "json_key", "File path of the json key.", &json_key_file_path); + gpr_cmdline_add_string (cl, "scope", "OPTIONAL Space delimited permissions. Mutually " "exclusive with service_url", &scope); + gpr_cmdline_add_string (cl, "service_url", "OPTIONAL service URL. 
Mutually exclusive with scope.", &service_url); + gpr_cmdline_parse (cl, argc, argv); - if (json_key_file_path == NULL) { - fprintf(stderr, "Missing --json_key option.\n"); - exit(1); - } - if (scope != NULL) { - if (service_url != NULL) { - fprintf(stderr, - "Options --scope and --service_url are mutually exclusive.\n"); - exit(1); + if (json_key_file_path == NULL) + { + fprintf (stderr, "Missing --json_key option.\n"); + exit (1); + } + if (scope != NULL) + { + if (service_url != NULL) + { + fprintf (stderr, "Options --scope and --service_url are mutually exclusive.\n"); + exit (1); + } + } + else if (service_url == NULL) + { + fprintf (stderr, "Need one of --service_url or --scope options.\n"); + exit (1); } - } else if (service_url == NULL) { - fprintf(stderr, "Need one of --service_url or --scope options.\n"); - exit(1); - } - create_jwt(json_key_file_path, service_url, scope); + create_jwt (json_key_file_path, service_url, scope); - gpr_cmdline_destroy(cl); + gpr_cmdline_destroy (cl); return 0; } diff --git a/test/core/security/credentials_test.c b/test/core/security/credentials_test.c index e48aab95fa..6769de1a60 100644 --- a/test/core/security/credentials_test.c +++ b/test/core/security/credentials_test.c 
@@ -52,897 +52,797 @@ static const char test_google_iam_authorization_token[] = "blahblahblhahb"; static const char test_google_iam_authority_selector[] = "respectmyauthoritah"; -static const char test_oauth2_bearer_token[] = - "Bearer blaaslkdjfaslkdfasdsfasf"; +static const char test_oauth2_bearer_token[] = "Bearer blaaslkdjfaslkdfasdsfasf"; static const char test_root_cert[] = "I am the root!"; /* This JSON key was generated with the GCE console and revoked immediately. The identifiers have been changed as well. Maximum size for a string literal is 509 chars in C89, yay! */ -static const char test_json_key_str_part1[] = - "{ \"private_key\": \"-----BEGIN PRIVATE KEY-----" - "\\nMIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAOEvJsnoHnyHkXcp\\n7mJE" - "qg" - "WGjiw71NfXByguekSKho65FxaGbsnSM9SMQAqVk7Q2rG+I0OpsT0LrWQtZ\\nyjSeg/" - "rWBQvS4hle4LfijkP3J5BG+" - "IXDMP8RfziNRQsenAXDNPkY4kJCvKux2xdD\\nOnVF6N7dL3nTYZg+" - "uQrNsMTz9UxVAgMBAAECgYEAzbLewe1xe9vy+2GoSsfib+28\\nDZgSE6Bu/" - "zuFoPrRc6qL9p2SsnV7txrunTyJkkOnPLND9ABAXybRTlcVKP/sGgza\\n/" - "8HpCqFYM9V8f34SBWfD4fRFT+n/" - "73cfRUtGXdXpseva2lh8RilIQfPhNZAncenU\\ngqXjDvpkypEusgXAykECQQD+"; -static const char test_json_key_str_part2[] = - "53XxNVnxBHsYb+AYEfklR96yVi8HywjVHP34+OQZ\\nCslxoHQM8s+" - "dBnjfScLu22JqkPv04xyxmt0QAKm9+vTdAkEA4ib7YvEAn2jXzcCI\\nEkoy2L/" - "XydR1GCHoacdfdAwiL2npOdnbvi4ZmdYRPY1LSTO058tQHKVXV7NLeCa3\\nAARh2QJBAMKeDA" - "G" - "W303SQv2cZTdbeaLKJbB5drz3eo3j7dDKjrTD9JupixFbzcGw\\n8FZi5c8idxiwC36kbAL6Hz" - "A" - "ZoX+ofI0CQE6KCzPJTtYNqyShgKAZdJ8hwOcvCZtf\\n6z8RJm0+" - "6YBd38lfh5j8mZd7aHFf6I17j5AQY7oPEc47TjJj/" - "5nZ68ECQQDvYuI3\\nLyK5fS8g0SYbmPOL9TlcHDOqwG0mrX9qpg5DC2fniXNSrrZ64GTDKdzZ" - "Y" - "Ap6LI9W\\nIqv4vr6y38N79TTC\\n-----END PRIVATE KEY-----\\n\", "; -static const char test_json_key_str_part3[] = - "\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", " - "\"client_email\": " - "\"777-abaslkan11hlb6nmim3bpspl31ud@developer.gserviceaccount." 
- "com\", \"client_id\": " - "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent." - "com\", \"type\": \"service_account\" }"; +static const char test_json_key_str_part1[] = "{ \"private_key\": \"-----BEGIN PRIVATE KEY-----" "\\nMIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAOEvJsnoHnyHkXcp\\n7mJE" "qg" "WGjiw71NfXByguekSKho65FxaGbsnSM9SMQAqVk7Q2rG+I0OpsT0LrWQtZ\\nyjSeg/" "rWBQvS4hle4LfijkP3J5BG+" "IXDMP8RfziNRQsenAXDNPkY4kJCvKux2xdD\\nOnVF6N7dL3nTYZg+" "uQrNsMTz9UxVAgMBAAECgYEAzbLewe1xe9vy+2GoSsfib+28\\nDZgSE6Bu/" "zuFoPrRc6qL9p2SsnV7txrunTyJkkOnPLND9ABAXybRTlcVKP/sGgza\\n/" "8HpCqFYM9V8f34SBWfD4fRFT+n/" "73cfRUtGXdXpseva2lh8RilIQfPhNZAncenU\\ngqXjDvpkypEusgXAykECQQD+"; +static const char test_json_key_str_part2[] = "53XxNVnxBHsYb+AYEfklR96yVi8HywjVHP34+OQZ\\nCslxoHQM8s+" "dBnjfScLu22JqkPv04xyxmt0QAKm9+vTdAkEA4ib7YvEAn2jXzcCI\\nEkoy2L/" "XydR1GCHoacdfdAwiL2npOdnbvi4ZmdYRPY1LSTO058tQHKVXV7NLeCa3\\nAARh2QJBAMKeDA" "G" "W303SQv2cZTdbeaLKJbB5drz3eo3j7dDKjrTD9JupixFbzcGw\\n8FZi5c8idxiwC36kbAL6Hz" "A" "ZoX+ofI0CQE6KCzPJTtYNqyShgKAZdJ8hwOcvCZtf\\n6z8RJm0+" "6YBd38lfh5j8mZd7aHFf6I17j5AQY7oPEc47TjJj/" "5nZ68ECQQDvYuI3\\nLyK5fS8g0SYbmPOL9TlcHDOqwG0mrX9qpg5DC2fniXNSrrZ64GTDKdzZ" "Y" "Ap6LI9W\\nIqv4vr6y38N79TTC\\n-----END PRIVATE KEY-----\\n\", "; +static const char test_json_key_str_part3[] = "\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", " "\"client_email\": " "\"777-abaslkan11hlb6nmim3bpspl31ud@developer.gserviceaccount." "com\", \"client_id\": " "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent." "com\", \"type\": \"service_account\" }"; /* Test refresh token. 
*/ -static const char test_refresh_token_str[] = - "{ \"client_id\": \"32555999999.apps.googleusercontent.com\"," - " \"client_secret\": \"EmssLNjJy1332hD4KFsecret\"," - " \"refresh_token\": \"1/Blahblasj424jladJDSGNf-u4Sua3HDA2ngjd42\"," - " \"type\": \"authorized_user\"}"; +static const char test_refresh_token_str[] = "{ \"client_id\": \"32555999999.apps.googleusercontent.com\"," " \"client_secret\": \"EmssLNjJy1332hD4KFsecret\"," " \"refresh_token\": \"1/Blahblasj424jladJDSGNf-u4Sua3HDA2ngjd42\"," " \"type\": \"authorized_user\"}"; -static const char valid_oauth2_json_response[] = - "{\"access_token\":\"ya29.AHES6ZRN3-HlhAPya30GnW_bHSb_\"," - " \"expires_in\":3599, " - " \"token_type\":\"Bearer\"}"; +static const char valid_oauth2_json_response[] = "{\"access_token\":\"ya29.AHES6ZRN3-HlhAPya30GnW_bHSb_\"," " \"expires_in\":3599, " " \"token_type\":\"Bearer\"}"; static const char test_user_data[] = "user data"; static const char test_scope[] = "perm1 perm2"; -static const char test_signed_jwt[] = - "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImY0OTRkN2M1YWU2MGRmOTcyNmM4YW" - "U0MDcyZTViYTdmZDkwODg2YzcifQ"; +static const char test_signed_jwt[] = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImY0OTRkN2M1YWU2MGRmOTcyNmM4YW" "U0MDcyZTViYTdmZDkwODg2YzcifQ"; static const char test_service_url[] = "https://foo.com/foo.v1"; static const char other_test_service_url[] = "https://bar.com/bar.v1"; -static char *test_json_key_str(void) { - size_t result_len = strlen(test_json_key_str_part1) + - strlen(test_json_key_str_part2) + - strlen(test_json_key_str_part3); - char *result = gpr_malloc(result_len + 1); +static char * +test_json_key_str (void) +{ + size_t result_len = strlen (test_json_key_str_part1) + strlen (test_json_key_str_part2) + strlen (test_json_key_str_part3); + char *result = gpr_malloc (result_len + 1); char *current = result; - strcpy(result, test_json_key_str_part1); - current += strlen(test_json_key_str_part1); - strcpy(current, test_json_key_str_part2); - 
current += strlen(test_json_key_str_part2); - strcpy(current, test_json_key_str_part3); + strcpy (result, test_json_key_str_part1); + current += strlen (test_json_key_str_part1); + strcpy (current, test_json_key_str_part2); + current += strlen (test_json_key_str_part2); + strcpy (current, test_json_key_str_part3); return result; } -typedef struct { +typedef struct +{ const char *key; const char *value; } expected_md; -static grpc_httpcli_response http_response(int status, const char *body) { +static grpc_httpcli_response +http_response (int status, const char *body) +{ grpc_httpcli_response response; - memset(&response, 0, sizeof(grpc_httpcli_response)); + memset (&response, 0, sizeof (grpc_httpcli_response)); response.status = status; - response.body = (char *)body; - response.body_length = strlen(body); + response.body = (char *) body; + response.body_length = strlen (body); return response; } -static void test_empty_md_store(void) { - grpc_credentials_md_store *store = grpc_credentials_md_store_create(0); - GPR_ASSERT(store->num_entries == 0); - GPR_ASSERT(store->allocated == 0); - grpc_credentials_md_store_unref(store); -} - -static void test_ref_unref_empty_md_store(void) { - grpc_credentials_md_store *store = grpc_credentials_md_store_create(0); - grpc_credentials_md_store_ref(store); - grpc_credentials_md_store_ref(store); - GPR_ASSERT(store->num_entries == 0); - GPR_ASSERT(store->allocated == 0); - grpc_credentials_md_store_unref(store); - grpc_credentials_md_store_unref(store); - grpc_credentials_md_store_unref(store); -} - -static void test_add_to_empty_md_store(void) { - grpc_credentials_md_store *store = grpc_credentials_md_store_create(0); +static void +test_empty_md_store (void) +{ + grpc_credentials_md_store *store = grpc_credentials_md_store_create (0); + GPR_ASSERT (store->num_entries == 0); + GPR_ASSERT (store->allocated == 0); + grpc_credentials_md_store_unref (store); +} + +static void +test_ref_unref_empty_md_store (void) +{ + 
grpc_credentials_md_store *store = grpc_credentials_md_store_create (0); + grpc_credentials_md_store_ref (store); + grpc_credentials_md_store_ref (store); + GPR_ASSERT (store->num_entries == 0); + GPR_ASSERT (store->allocated == 0); + grpc_credentials_md_store_unref (store); + grpc_credentials_md_store_unref (store); + grpc_credentials_md_store_unref (store); +} + +static void +test_add_to_empty_md_store (void) +{ + grpc_credentials_md_store *store = grpc_credentials_md_store_create (0); const char *key_str = "hello"; const char *value_str = "there blah blah blah blah blah blah blah"; - gpr_slice key = gpr_slice_from_copied_string(key_str); - gpr_slice value = gpr_slice_from_copied_string(value_str); - grpc_credentials_md_store_add(store, key, value); - GPR_ASSERT(store->num_entries == 1); - GPR_ASSERT(gpr_slice_cmp(key, store->entries[0].key) == 0); - GPR_ASSERT(gpr_slice_cmp(value, store->entries[0].value) == 0); - gpr_slice_unref(key); - gpr_slice_unref(value); - grpc_credentials_md_store_unref(store); -} - -static void test_add_cstrings_to_empty_md_store(void) { - grpc_credentials_md_store *store = grpc_credentials_md_store_create(0); + gpr_slice key = gpr_slice_from_copied_string (key_str); + gpr_slice value = gpr_slice_from_copied_string (value_str); + grpc_credentials_md_store_add (store, key, value); + GPR_ASSERT (store->num_entries == 1); + GPR_ASSERT (gpr_slice_cmp (key, store->entries[0].key) == 0); + GPR_ASSERT (gpr_slice_cmp (value, store->entries[0].value) == 0); + gpr_slice_unref (key); + gpr_slice_unref (value); + grpc_credentials_md_store_unref (store); +} + +static void +test_add_cstrings_to_empty_md_store (void) +{ + grpc_credentials_md_store *store = grpc_credentials_md_store_create (0); const char *key_str = "hello"; const char *value_str = "there blah blah blah blah blah blah blah"; - grpc_credentials_md_store_add_cstrings(store, key_str, value_str); - GPR_ASSERT(store->num_entries == 1); - GPR_ASSERT(gpr_slice_str_cmp(store->entries[0].key, 
key_str) == 0); - GPR_ASSERT(gpr_slice_str_cmp(store->entries[0].value, value_str) == 0); - grpc_credentials_md_store_unref(store); -} - -static void test_empty_preallocated_md_store(void) { - grpc_credentials_md_store *store = grpc_credentials_md_store_create(4); - GPR_ASSERT(store->num_entries == 0); - GPR_ASSERT(store->allocated == 4); - GPR_ASSERT(store->entries != NULL); - grpc_credentials_md_store_unref(store); -} - -static void test_add_abunch_to_md_store(void) { - grpc_credentials_md_store *store = grpc_credentials_md_store_create(4); + grpc_credentials_md_store_add_cstrings (store, key_str, value_str); + GPR_ASSERT (store->num_entries == 1); + GPR_ASSERT (gpr_slice_str_cmp (store->entries[0].key, key_str) == 0); + GPR_ASSERT (gpr_slice_str_cmp (store->entries[0].value, value_str) == 0); + grpc_credentials_md_store_unref (store); +} + +static void +test_empty_preallocated_md_store (void) +{ + grpc_credentials_md_store *store = grpc_credentials_md_store_create (4); + GPR_ASSERT (store->num_entries == 0); + GPR_ASSERT (store->allocated == 4); + GPR_ASSERT (store->entries != NULL); + grpc_credentials_md_store_unref (store); +} + +static void +test_add_abunch_to_md_store (void) +{ + grpc_credentials_md_store *store = grpc_credentials_md_store_create (4); size_t num_entries = 1000; const char *key_str = "hello"; const char *value_str = "there blah blah blah blah blah blah blah"; size_t i; - for (i = 0; i < num_entries; i++) { - grpc_credentials_md_store_add_cstrings(store, key_str, value_str); - } - for (i = 0; i < num_entries; i++) { - GPR_ASSERT(gpr_slice_str_cmp(store->entries[i].key, key_str) == 0); - GPR_ASSERT(gpr_slice_str_cmp(store->entries[i].value, value_str) == 0); - } - grpc_credentials_md_store_unref(store); + for (i = 0; i < num_entries; i++) + { + grpc_credentials_md_store_add_cstrings (store, key_str, value_str); + } + for (i = 0; i < num_entries; i++) + { + GPR_ASSERT (gpr_slice_str_cmp (store->entries[i].key, key_str) == 0); + GPR_ASSERT 
(gpr_slice_str_cmp (store->entries[i].value, value_str) == 0); + } + grpc_credentials_md_store_unref (store); } -static void test_oauth2_token_fetcher_creds_parsing_ok(void) { +static void +test_oauth2_token_fetcher_creds_parsing_ok (void) +{ grpc_credentials_md_store *token_md = NULL; gpr_timespec token_lifetime; - grpc_httpcli_response response = - http_response(200, valid_oauth2_json_response); - GPR_ASSERT(grpc_oauth2_token_fetcher_credentials_parse_server_response( - &response, &token_md, &token_lifetime) == GRPC_CREDENTIALS_OK); - GPR_ASSERT(token_lifetime.tv_sec == 3599); - GPR_ASSERT(token_lifetime.tv_nsec == 0); - GPR_ASSERT(token_md->num_entries == 1); - GPR_ASSERT(gpr_slice_str_cmp(token_md->entries[0].key, "Authorization") == 0); - GPR_ASSERT(gpr_slice_str_cmp(token_md->entries[0].value, - "Bearer ya29.AHES6ZRN3-HlhAPya30GnW_bHSb_") == - 0); - grpc_credentials_md_store_unref(token_md); -} - -static void test_oauth2_token_fetcher_creds_parsing_bad_http_status(void) { + grpc_httpcli_response response = http_response (200, valid_oauth2_json_response); + GPR_ASSERT (grpc_oauth2_token_fetcher_credentials_parse_server_response (&response, &token_md, &token_lifetime) == GRPC_CREDENTIALS_OK); + GPR_ASSERT (token_lifetime.tv_sec == 3599); + GPR_ASSERT (token_lifetime.tv_nsec == 0); + GPR_ASSERT (token_md->num_entries == 1); + GPR_ASSERT (gpr_slice_str_cmp (token_md->entries[0].key, "Authorization") == 0); + GPR_ASSERT (gpr_slice_str_cmp (token_md->entries[0].value, "Bearer ya29.AHES6ZRN3-HlhAPya30GnW_bHSb_") == 0); + grpc_credentials_md_store_unref (token_md); +} + +static void +test_oauth2_token_fetcher_creds_parsing_bad_http_status (void) +{ grpc_credentials_md_store *token_md = NULL; gpr_timespec token_lifetime; - grpc_httpcli_response response = - http_response(401, valid_oauth2_json_response); - GPR_ASSERT(grpc_oauth2_token_fetcher_credentials_parse_server_response( - &response, &token_md, &token_lifetime) == - GRPC_CREDENTIALS_ERROR); + 
grpc_httpcli_response response = http_response (401, valid_oauth2_json_response); + GPR_ASSERT (grpc_oauth2_token_fetcher_credentials_parse_server_response (&response, &token_md, &token_lifetime) == GRPC_CREDENTIALS_ERROR); } -static void test_oauth2_token_fetcher_creds_parsing_empty_http_body(void) { +static void +test_oauth2_token_fetcher_creds_parsing_empty_http_body (void) +{ grpc_credentials_md_store *token_md = NULL; gpr_timespec token_lifetime; - grpc_httpcli_response response = http_response(200, ""); - GPR_ASSERT(grpc_oauth2_token_fetcher_credentials_parse_server_response( - &response, &token_md, &token_lifetime) == - GRPC_CREDENTIALS_ERROR); + grpc_httpcli_response response = http_response (200, ""); + GPR_ASSERT (grpc_oauth2_token_fetcher_credentials_parse_server_response (&response, &token_md, &token_lifetime) == GRPC_CREDENTIALS_ERROR); } -static void test_oauth2_token_fetcher_creds_parsing_invalid_json(void) { +static void +test_oauth2_token_fetcher_creds_parsing_invalid_json (void) +{ grpc_credentials_md_store *token_md = NULL; gpr_timespec token_lifetime; - grpc_httpcli_response response = - http_response(200, - "{\"access_token\":\"ya29.AHES6ZRN3-HlhAPya30GnW_bHSb_\"," - " \"expires_in\":3599, " - " \"token_type\":\"Bearer\""); - GPR_ASSERT(grpc_oauth2_token_fetcher_credentials_parse_server_response( - &response, &token_md, &token_lifetime) == - GRPC_CREDENTIALS_ERROR); + grpc_httpcli_response response = http_response (200, + "{\"access_token\":\"ya29.AHES6ZRN3-HlhAPya30GnW_bHSb_\"," " \"expires_in\":3599, " " \"token_type\":\"Bearer\""); + GPR_ASSERT (grpc_oauth2_token_fetcher_credentials_parse_server_response (&response, &token_md, &token_lifetime) == GRPC_CREDENTIALS_ERROR); } -static void test_oauth2_token_fetcher_creds_parsing_missing_token(void) { +static void +test_oauth2_token_fetcher_creds_parsing_missing_token (void) +{ grpc_credentials_md_store *token_md = NULL; gpr_timespec token_lifetime; - grpc_httpcli_response response = 
http_response(200, - "{" - " \"expires_in\":3599, " - " \"token_type\":\"Bearer\"}"); - GPR_ASSERT(grpc_oauth2_token_fetcher_credentials_parse_server_response( - &response, &token_md, &token_lifetime) == - GRPC_CREDENTIALS_ERROR); + grpc_httpcli_response response = http_response (200, + "{" " \"expires_in\":3599, " " \"token_type\":\"Bearer\"}"); + GPR_ASSERT (grpc_oauth2_token_fetcher_credentials_parse_server_response (&response, &token_md, &token_lifetime) == GRPC_CREDENTIALS_ERROR); } -static void test_oauth2_token_fetcher_creds_parsing_missing_token_type(void) { +static void +test_oauth2_token_fetcher_creds_parsing_missing_token_type (void) +{ grpc_credentials_md_store *token_md = NULL; gpr_timespec token_lifetime; - grpc_httpcli_response response = - http_response(200, - "{\"access_token\":\"ya29.AHES6ZRN3-HlhAPya30GnW_bHSb_\"," - " \"expires_in\":3599, " - "}"); - GPR_ASSERT(grpc_oauth2_token_fetcher_credentials_parse_server_response( - &response, &token_md, &token_lifetime) == - GRPC_CREDENTIALS_ERROR); -} - -static void test_oauth2_token_fetcher_creds_parsing_missing_token_lifetime( - void) { + grpc_httpcli_response response = http_response (200, + "{\"access_token\":\"ya29.AHES6ZRN3-HlhAPya30GnW_bHSb_\"," " \"expires_in\":3599, " "}"); + GPR_ASSERT (grpc_oauth2_token_fetcher_credentials_parse_server_response (&response, &token_md, &token_lifetime) == GRPC_CREDENTIALS_ERROR); +} + +static void +test_oauth2_token_fetcher_creds_parsing_missing_token_lifetime (void) +{ grpc_credentials_md_store *token_md = NULL; gpr_timespec token_lifetime; - grpc_httpcli_response response = - http_response(200, - "{\"access_token\":\"ya29.AHES6ZRN3-HlhAPya30GnW_bHSb_\"," - " \"token_type\":\"Bearer\"}"); - GPR_ASSERT(grpc_oauth2_token_fetcher_credentials_parse_server_response( - &response, &token_md, &token_lifetime) == - GRPC_CREDENTIALS_ERROR); + grpc_httpcli_response response = http_response (200, + "{\"access_token\":\"ya29.AHES6ZRN3-HlhAPya30GnW_bHSb_\"," " 
\"token_type\":\"Bearer\"}"); + GPR_ASSERT (grpc_oauth2_token_fetcher_credentials_parse_server_response (&response, &token_md, &token_lifetime) == GRPC_CREDENTIALS_ERROR); } -static void check_metadata(expected_md *expected, grpc_credentials_md *md_elems, - size_t num_md) { +static void +check_metadata (expected_md * expected, grpc_credentials_md * md_elems, size_t num_md) +{ size_t i; - for (i = 0; i < num_md; i++) { - size_t j; - for (j = 0; j < num_md; j++) { - if (0 == gpr_slice_str_cmp(md_elems[j].key, expected[i].key)) { - GPR_ASSERT(gpr_slice_str_cmp(md_elems[j].value, expected[i].value) == - 0); - break; - } - } - if (j == num_md) { - gpr_log(GPR_ERROR, "key %s not found", expected[i].key); - GPR_ASSERT(0); + for (i = 0; i < num_md; i++) + { + size_t j; + for (j = 0; j < num_md; j++) + { + if (0 == gpr_slice_str_cmp (md_elems[j].key, expected[i].key)) + { + GPR_ASSERT (gpr_slice_str_cmp (md_elems[j].value, expected[i].value) == 0); + break; + } + } + if (j == num_md) + { + gpr_log (GPR_ERROR, "key %s not found", expected[i].key); + GPR_ASSERT (0); + } } - } -} - -static void check_google_iam_metadata(void *user_data, - grpc_credentials_md *md_elems, - size_t num_md, - grpc_credentials_status status, - grpc_closure_list *closure_list) { - grpc_credentials *c = (grpc_credentials *)user_data; - expected_md emd[] = {{GRPC_IAM_AUTHORIZATION_TOKEN_METADATA_KEY, - test_google_iam_authorization_token}, - {GRPC_IAM_AUTHORITY_SELECTOR_METADATA_KEY, - test_google_iam_authority_selector}}; - GPR_ASSERT(status == GRPC_CREDENTIALS_OK); - GPR_ASSERT(num_md == 2); - check_metadata(emd, md_elems, num_md); - grpc_credentials_unref(c); -} - -static void test_google_iam_creds(void) { +} + +static void +check_google_iam_metadata (void *user_data, grpc_credentials_md * md_elems, size_t num_md, grpc_credentials_status status, grpc_closure_list * closure_list) +{ + grpc_credentials *c = (grpc_credentials *) user_data; + expected_md emd[] = { 
{GRPC_IAM_AUTHORIZATION_TOKEN_METADATA_KEY, + test_google_iam_authorization_token}, + {GRPC_IAM_AUTHORITY_SELECTOR_METADATA_KEY, + test_google_iam_authority_selector} + }; + GPR_ASSERT (status == GRPC_CREDENTIALS_OK); + GPR_ASSERT (num_md == 2); + check_metadata (emd, md_elems, num_md); + grpc_credentials_unref (c); +} + +static void +test_google_iam_creds (void) +{ grpc_closure_list closure_list = GRPC_CLOSURE_LIST_INIT; - grpc_credentials *creds = grpc_google_iam_credentials_create( - test_google_iam_authorization_token, test_google_iam_authority_selector, - NULL); - GPR_ASSERT(grpc_credentials_has_request_metadata(creds)); - GPR_ASSERT(grpc_credentials_has_request_metadata_only(creds)); - grpc_credentials_get_request_metadata(creds, NULL, test_service_url, - check_google_iam_metadata, creds, - &closure_list); - grpc_closure_list_run(&closure_list); -} - -static void check_access_token_metadata(void *user_data, - grpc_credentials_md *md_elems, - size_t num_md, - grpc_credentials_status status, - grpc_closure_list *closure_list) { - grpc_credentials *c = (grpc_credentials *)user_data; - expected_md emd[] = {{GRPC_AUTHORIZATION_METADATA_KEY, "Bearer blah"}}; - GPR_ASSERT(status == GRPC_CREDENTIALS_OK); - GPR_ASSERT(num_md == 1); - check_metadata(emd, md_elems, num_md); - grpc_credentials_unref(c); -} - -static void test_access_token_creds(void) { + grpc_credentials *creds = grpc_google_iam_credentials_create (test_google_iam_authorization_token, test_google_iam_authority_selector, + NULL); + GPR_ASSERT (grpc_credentials_has_request_metadata (creds)); + GPR_ASSERT (grpc_credentials_has_request_metadata_only (creds)); + grpc_credentials_get_request_metadata (creds, NULL, test_service_url, check_google_iam_metadata, creds, &closure_list); + grpc_closure_list_run (&closure_list); +} + +static void +check_access_token_metadata (void *user_data, grpc_credentials_md * md_elems, size_t num_md, grpc_credentials_status status, grpc_closure_list * closure_list) +{ + 
grpc_credentials *c = (grpc_credentials *) user_data; + expected_md emd[] = { {GRPC_AUTHORIZATION_METADATA_KEY, "Bearer blah"} }; + GPR_ASSERT (status == GRPC_CREDENTIALS_OK); + GPR_ASSERT (num_md == 1); + check_metadata (emd, md_elems, num_md); + grpc_credentials_unref (c); +} + +static void +test_access_token_creds (void) +{ grpc_closure_list closure_list = GRPC_CLOSURE_LIST_INIT; - grpc_credentials *creds = grpc_access_token_credentials_create("blah", NULL); - GPR_ASSERT(grpc_credentials_has_request_metadata(creds)); - GPR_ASSERT(grpc_credentials_has_request_metadata_only(creds)); - GPR_ASSERT(strcmp(creds->type, GRPC_CREDENTIALS_TYPE_OAUTH2) == 0); - grpc_credentials_get_request_metadata(creds, NULL, test_service_url, - check_access_token_metadata, creds, - &closure_list); - grpc_closure_list_run(&closure_list); -} - -static void check_ssl_oauth2_composite_metadata( - void *user_data, grpc_credentials_md *md_elems, size_t num_md, - grpc_credentials_status status, grpc_closure_list *closure_list) { - grpc_credentials *c = (grpc_credentials *)user_data; + grpc_credentials *creds = grpc_access_token_credentials_create ("blah", NULL); + GPR_ASSERT (grpc_credentials_has_request_metadata (creds)); + GPR_ASSERT (grpc_credentials_has_request_metadata_only (creds)); + GPR_ASSERT (strcmp (creds->type, GRPC_CREDENTIALS_TYPE_OAUTH2) == 0); + grpc_credentials_get_request_metadata (creds, NULL, test_service_url, check_access_token_metadata, creds, &closure_list); + grpc_closure_list_run (&closure_list); +} + +static void +check_ssl_oauth2_composite_metadata (void *user_data, grpc_credentials_md * md_elems, size_t num_md, grpc_credentials_status status, grpc_closure_list * closure_list) +{ + grpc_credentials *c = (grpc_credentials *) user_data; expected_md emd[] = { - {GRPC_AUTHORIZATION_METADATA_KEY, test_oauth2_bearer_token}}; - GPR_ASSERT(status == GRPC_CREDENTIALS_OK); - GPR_ASSERT(num_md == 1); - check_metadata(emd, md_elems, num_md); - grpc_credentials_unref(c); + 
{GRPC_AUTHORIZATION_METADATA_KEY, test_oauth2_bearer_token} + }; + GPR_ASSERT (status == GRPC_CREDENTIALS_OK); + GPR_ASSERT (num_md == 1); + check_metadata (emd, md_elems, num_md); + grpc_credentials_unref (c); } -static void test_ssl_oauth2_composite_creds(void) { +static void +test_ssl_oauth2_composite_creds (void) +{ grpc_closure_list closure_list = GRPC_CLOSURE_LIST_INIT; - grpc_credentials *ssl_creds = - grpc_ssl_credentials_create(test_root_cert, NULL, NULL); + grpc_credentials *ssl_creds = grpc_ssl_credentials_create (test_root_cert, NULL, NULL); const grpc_credentials_array *creds_array; - grpc_credentials *oauth2_creds = grpc_md_only_test_credentials_create( - "Authorization", test_oauth2_bearer_token, 0); - grpc_credentials *composite_creds = - grpc_composite_credentials_create(ssl_creds, oauth2_creds, NULL); - grpc_credentials_unref(ssl_creds); - grpc_credentials_unref(oauth2_creds); - GPR_ASSERT(strcmp(composite_creds->type, GRPC_CREDENTIALS_TYPE_COMPOSITE) == - 0); - GPR_ASSERT(grpc_credentials_has_request_metadata(composite_creds)); - GPR_ASSERT(!grpc_credentials_has_request_metadata_only(composite_creds)); - creds_array = grpc_composite_credentials_get_credentials(composite_creds); - GPR_ASSERT(creds_array->num_creds == 2); - GPR_ASSERT(strcmp(creds_array->creds_array[0]->type, - GRPC_CREDENTIALS_TYPE_SSL) == 0); - GPR_ASSERT(strcmp(creds_array->creds_array[1]->type, - GRPC_CREDENTIALS_TYPE_OAUTH2) == 0); - grpc_credentials_get_request_metadata(composite_creds, NULL, test_service_url, - check_ssl_oauth2_composite_metadata, - composite_creds, &closure_list); - grpc_closure_list_run(&closure_list); -} - -void test_ssl_fake_transport_security_composite_creds_failure(void) { - grpc_credentials *ssl_creds = grpc_ssl_credentials_create(NULL, NULL, NULL); - grpc_credentials *fake_transport_security_creds = - grpc_fake_transport_security_credentials_create(); + grpc_credentials *oauth2_creds = grpc_md_only_test_credentials_create ("Authorization", 
test_oauth2_bearer_token, 0); + grpc_credentials *composite_creds = grpc_composite_credentials_create (ssl_creds, oauth2_creds, NULL); + grpc_credentials_unref (ssl_creds); + grpc_credentials_unref (oauth2_creds); + GPR_ASSERT (strcmp (composite_creds->type, GRPC_CREDENTIALS_TYPE_COMPOSITE) == 0); + GPR_ASSERT (grpc_credentials_has_request_metadata (composite_creds)); + GPR_ASSERT (!grpc_credentials_has_request_metadata_only (composite_creds)); + creds_array = grpc_composite_credentials_get_credentials (composite_creds); + GPR_ASSERT (creds_array->num_creds == 2); + GPR_ASSERT (strcmp (creds_array->creds_array[0]->type, GRPC_CREDENTIALS_TYPE_SSL) == 0); + GPR_ASSERT (strcmp (creds_array->creds_array[1]->type, GRPC_CREDENTIALS_TYPE_OAUTH2) == 0); + grpc_credentials_get_request_metadata (composite_creds, NULL, test_service_url, check_ssl_oauth2_composite_metadata, composite_creds, &closure_list); + grpc_closure_list_run (&closure_list); +} + +void +test_ssl_fake_transport_security_composite_creds_failure (void) +{ + grpc_credentials *ssl_creds = grpc_ssl_credentials_create (NULL, NULL, NULL); + grpc_credentials *fake_transport_security_creds = grpc_fake_transport_security_credentials_create (); /* 2 connector credentials: should not work. 
*/ - GPR_ASSERT(grpc_composite_credentials_create( - ssl_creds, fake_transport_security_creds, NULL) == NULL); - grpc_credentials_unref(ssl_creds); - grpc_credentials_unref(fake_transport_security_creds); + GPR_ASSERT (grpc_composite_credentials_create (ssl_creds, fake_transport_security_creds, NULL) == NULL); + grpc_credentials_unref (ssl_creds); + grpc_credentials_unref (fake_transport_security_creds); } -static void check_ssl_oauth2_google_iam_composite_metadata( - void *user_data, grpc_credentials_md *md_elems, size_t num_md, - grpc_credentials_status status, grpc_closure_list *closure_list) { - grpc_credentials *c = (grpc_credentials *)user_data; +static void +check_ssl_oauth2_google_iam_composite_metadata (void *user_data, grpc_credentials_md * md_elems, size_t num_md, grpc_credentials_status status, grpc_closure_list * closure_list) +{ + grpc_credentials *c = (grpc_credentials *) user_data; expected_md emd[] = { - {GRPC_AUTHORIZATION_METADATA_KEY, test_oauth2_bearer_token}, - {GRPC_IAM_AUTHORIZATION_TOKEN_METADATA_KEY, - test_google_iam_authorization_token}, - {GRPC_IAM_AUTHORITY_SELECTOR_METADATA_KEY, - test_google_iam_authority_selector}}; - GPR_ASSERT(status == GRPC_CREDENTIALS_OK); - GPR_ASSERT(num_md == 3); - check_metadata(emd, md_elems, num_md); - grpc_credentials_unref(c); -} - -static void test_ssl_oauth2_google_iam_composite_creds(void) { + {GRPC_AUTHORIZATION_METADATA_KEY, test_oauth2_bearer_token}, + {GRPC_IAM_AUTHORIZATION_TOKEN_METADATA_KEY, + test_google_iam_authorization_token}, + {GRPC_IAM_AUTHORITY_SELECTOR_METADATA_KEY, + test_google_iam_authority_selector} + }; + GPR_ASSERT (status == GRPC_CREDENTIALS_OK); + GPR_ASSERT (num_md == 3); + check_metadata (emd, md_elems, num_md); + grpc_credentials_unref (c); +} + +static void +test_ssl_oauth2_google_iam_composite_creds (void) +{ grpc_closure_list closure_list = GRPC_CLOSURE_LIST_INIT; - grpc_credentials *ssl_creds = - grpc_ssl_credentials_create(test_root_cert, NULL, NULL); + grpc_credentials 
*ssl_creds = grpc_ssl_credentials_create (test_root_cert, NULL, NULL); const grpc_credentials_array *creds_array; - grpc_credentials *oauth2_creds = grpc_md_only_test_credentials_create( - "Authorization", test_oauth2_bearer_token, 0); - grpc_credentials *aux_creds = - grpc_composite_credentials_create(ssl_creds, oauth2_creds, NULL); - grpc_credentials *google_iam_creds = grpc_google_iam_credentials_create( - test_google_iam_authorization_token, test_google_iam_authority_selector, - NULL); - grpc_credentials *composite_creds = - grpc_composite_credentials_create(aux_creds, google_iam_creds, NULL); - grpc_credentials_unref(ssl_creds); - grpc_credentials_unref(oauth2_creds); - grpc_credentials_unref(aux_creds); - grpc_credentials_unref(google_iam_creds); - GPR_ASSERT(strcmp(composite_creds->type, GRPC_CREDENTIALS_TYPE_COMPOSITE) == - 0); - GPR_ASSERT(grpc_credentials_has_request_metadata(composite_creds)); - GPR_ASSERT(!grpc_credentials_has_request_metadata_only(composite_creds)); - creds_array = grpc_composite_credentials_get_credentials(composite_creds); - GPR_ASSERT(creds_array->num_creds == 3); - GPR_ASSERT(strcmp(creds_array->creds_array[0]->type, - GRPC_CREDENTIALS_TYPE_SSL) == 0); - GPR_ASSERT(strcmp(creds_array->creds_array[1]->type, - GRPC_CREDENTIALS_TYPE_OAUTH2) == 0); - GPR_ASSERT(strcmp(creds_array->creds_array[2]->type, - GRPC_CREDENTIALS_TYPE_IAM) == 0); - grpc_credentials_get_request_metadata( - composite_creds, NULL, test_service_url, - check_ssl_oauth2_google_iam_composite_metadata, composite_creds, - &closure_list); - grpc_closure_list_run(&closure_list); -} - -static void on_oauth2_creds_get_metadata_success( - void *user_data, grpc_credentials_md *md_elems, size_t num_md, - grpc_credentials_status status, grpc_closure_list *closure_list) { - GPR_ASSERT(status == GRPC_CREDENTIALS_OK); - GPR_ASSERT(num_md == 1); - GPR_ASSERT(gpr_slice_str_cmp(md_elems[0].key, "Authorization") == 0); - GPR_ASSERT(gpr_slice_str_cmp(md_elems[0].value, - "Bearer 
ya29.AHES6ZRN3-HlhAPya30GnW_bHSb_") == - 0); - GPR_ASSERT(user_data != NULL); - GPR_ASSERT(strcmp((const char *)user_data, test_user_data) == 0); -} - -static void on_oauth2_creds_get_metadata_failure( - void *user_data, grpc_credentials_md *md_elems, size_t num_md, - grpc_credentials_status status, grpc_closure_list *closure_list) { - GPR_ASSERT(status == GRPC_CREDENTIALS_ERROR); - GPR_ASSERT(num_md == 0); - GPR_ASSERT(user_data != NULL); - GPR_ASSERT(strcmp((const char *)user_data, test_user_data) == 0); -} - -static void validate_compute_engine_http_request( - const grpc_httpcli_request *request) { - GPR_ASSERT(request->handshaker != &grpc_httpcli_ssl); - GPR_ASSERT(strcmp(request->host, "metadata") == 0); - GPR_ASSERT( - strcmp(request->path, - "/computeMetadata/v1/instance/service-accounts/default/token") == - 0); - GPR_ASSERT(request->hdr_count == 1); - GPR_ASSERT(strcmp(request->hdrs[0].key, "Metadata-Flavor") == 0); - GPR_ASSERT(strcmp(request->hdrs[0].value, "Google") == 0); -} - -static int compute_engine_httpcli_get_success_override( - const grpc_httpcli_request *request, gpr_timespec deadline, - grpc_httpcli_response_cb on_response, void *user_data, - grpc_closure_list *closure_list) { - grpc_httpcli_response response = - http_response(200, valid_oauth2_json_response); - validate_compute_engine_http_request(request); - on_response(user_data, &response, closure_list); + grpc_credentials *oauth2_creds = grpc_md_only_test_credentials_create ("Authorization", test_oauth2_bearer_token, 0); + grpc_credentials *aux_creds = grpc_composite_credentials_create (ssl_creds, oauth2_creds, NULL); + grpc_credentials *google_iam_creds = grpc_google_iam_credentials_create (test_google_iam_authorization_token, test_google_iam_authority_selector, + NULL); + grpc_credentials *composite_creds = grpc_composite_credentials_create (aux_creds, google_iam_creds, NULL); + grpc_credentials_unref (ssl_creds); + grpc_credentials_unref (oauth2_creds); + grpc_credentials_unref 
(aux_creds); + grpc_credentials_unref (google_iam_creds); + GPR_ASSERT (strcmp (composite_creds->type, GRPC_CREDENTIALS_TYPE_COMPOSITE) == 0); + GPR_ASSERT (grpc_credentials_has_request_metadata (composite_creds)); + GPR_ASSERT (!grpc_credentials_has_request_metadata_only (composite_creds)); + creds_array = grpc_composite_credentials_get_credentials (composite_creds); + GPR_ASSERT (creds_array->num_creds == 3); + GPR_ASSERT (strcmp (creds_array->creds_array[0]->type, GRPC_CREDENTIALS_TYPE_SSL) == 0); + GPR_ASSERT (strcmp (creds_array->creds_array[1]->type, GRPC_CREDENTIALS_TYPE_OAUTH2) == 0); + GPR_ASSERT (strcmp (creds_array->creds_array[2]->type, GRPC_CREDENTIALS_TYPE_IAM) == 0); + grpc_credentials_get_request_metadata (composite_creds, NULL, test_service_url, check_ssl_oauth2_google_iam_composite_metadata, composite_creds, &closure_list); + grpc_closure_list_run (&closure_list); +} + +static void +on_oauth2_creds_get_metadata_success (void *user_data, grpc_credentials_md * md_elems, size_t num_md, grpc_credentials_status status, grpc_closure_list * closure_list) +{ + GPR_ASSERT (status == GRPC_CREDENTIALS_OK); + GPR_ASSERT (num_md == 1); + GPR_ASSERT (gpr_slice_str_cmp (md_elems[0].key, "Authorization") == 0); + GPR_ASSERT (gpr_slice_str_cmp (md_elems[0].value, "Bearer ya29.AHES6ZRN3-HlhAPya30GnW_bHSb_") == 0); + GPR_ASSERT (user_data != NULL); + GPR_ASSERT (strcmp ((const char *) user_data, test_user_data) == 0); +} + +static void +on_oauth2_creds_get_metadata_failure (void *user_data, grpc_credentials_md * md_elems, size_t num_md, grpc_credentials_status status, grpc_closure_list * closure_list) +{ + GPR_ASSERT (status == GRPC_CREDENTIALS_ERROR); + GPR_ASSERT (num_md == 0); + GPR_ASSERT (user_data != NULL); + GPR_ASSERT (strcmp ((const char *) user_data, test_user_data) == 0); +} + +static void +validate_compute_engine_http_request (const grpc_httpcli_request * request) +{ + GPR_ASSERT (request->handshaker != &grpc_httpcli_ssl); + GPR_ASSERT (strcmp 
(request->host, "metadata") == 0); + GPR_ASSERT (strcmp (request->path, "/computeMetadata/v1/instance/service-accounts/default/token") == 0); + GPR_ASSERT (request->hdr_count == 1); + GPR_ASSERT (strcmp (request->hdrs[0].key, "Metadata-Flavor") == 0); + GPR_ASSERT (strcmp (request->hdrs[0].value, "Google") == 0); +} + +static int +compute_engine_httpcli_get_success_override (const grpc_httpcli_request * request, gpr_timespec deadline, grpc_httpcli_response_cb on_response, void *user_data, grpc_closure_list * closure_list) +{ + grpc_httpcli_response response = http_response (200, valid_oauth2_json_response); + validate_compute_engine_http_request (request); + on_response (user_data, &response, closure_list); return 1; } -static int compute_engine_httpcli_get_failure_override( - const grpc_httpcli_request *request, gpr_timespec deadline, - grpc_httpcli_response_cb on_response, void *user_data, - grpc_closure_list *closure_list) { - grpc_httpcli_response response = http_response(403, "Not Authorized."); - validate_compute_engine_http_request(request); - on_response(user_data, &response, closure_list); +static int +compute_engine_httpcli_get_failure_override (const grpc_httpcli_request * request, gpr_timespec deadline, grpc_httpcli_response_cb on_response, void *user_data, grpc_closure_list * closure_list) +{ + grpc_httpcli_response response = http_response (403, "Not Authorized."); + validate_compute_engine_http_request (request); + on_response (user_data, &response, closure_list); return 1; } -static int httpcli_post_should_not_be_called( - const grpc_httpcli_request *request, const char *body_bytes, - size_t body_size, gpr_timespec deadline, - grpc_httpcli_response_cb on_response, void *user_data, - grpc_closure_list *closure_list) { - GPR_ASSERT("HTTP POST should not be called" == NULL); +static int +httpcli_post_should_not_be_called (const grpc_httpcli_request * request, const char *body_bytes, size_t body_size, gpr_timespec deadline, grpc_httpcli_response_cb 
on_response, void *user_data, grpc_closure_list * closure_list) +{ + GPR_ASSERT ("HTTP POST should not be called" == NULL); return 1; } -static int httpcli_get_should_not_be_called( - const grpc_httpcli_request *request, gpr_timespec deadline, - grpc_httpcli_response_cb on_response, void *user_data, - grpc_closure_list *closure_list) { - GPR_ASSERT("HTTP GET should not be called" == NULL); +static int +httpcli_get_should_not_be_called (const grpc_httpcli_request * request, gpr_timespec deadline, grpc_httpcli_response_cb on_response, void *user_data, grpc_closure_list * closure_list) +{ + GPR_ASSERT ("HTTP GET should not be called" == NULL); return 1; } -static void test_compute_engine_creds_success(void) { +static void +test_compute_engine_creds_success (void) +{ grpc_closure_list closure_list = GRPC_CLOSURE_LIST_INIT; - grpc_credentials *compute_engine_creds = - grpc_google_compute_engine_credentials_create(NULL); - GPR_ASSERT(grpc_credentials_has_request_metadata(compute_engine_creds)); - GPR_ASSERT(grpc_credentials_has_request_metadata_only(compute_engine_creds)); + grpc_credentials *compute_engine_creds = grpc_google_compute_engine_credentials_create (NULL); + GPR_ASSERT (grpc_credentials_has_request_metadata (compute_engine_creds)); + GPR_ASSERT (grpc_credentials_has_request_metadata_only (compute_engine_creds)); /* First request: http get should be called. 
*/ - grpc_httpcli_set_override(compute_engine_httpcli_get_success_override, - httpcli_post_should_not_be_called); - grpc_credentials_get_request_metadata(compute_engine_creds, NULL, - test_service_url, - on_oauth2_creds_get_metadata_success, - (void *)test_user_data, &closure_list); - grpc_closure_list_run(&closure_list); + grpc_httpcli_set_override (compute_engine_httpcli_get_success_override, httpcli_post_should_not_be_called); + grpc_credentials_get_request_metadata (compute_engine_creds, NULL, test_service_url, on_oauth2_creds_get_metadata_success, (void *) test_user_data, &closure_list); + grpc_closure_list_run (&closure_list); /* Second request: the cached token should be served directly. */ - grpc_httpcli_set_override(httpcli_get_should_not_be_called, - httpcli_post_should_not_be_called); - grpc_credentials_get_request_metadata(compute_engine_creds, NULL, - test_service_url, - on_oauth2_creds_get_metadata_success, - (void *)test_user_data, &closure_list); - grpc_closure_list_run(&closure_list); + grpc_httpcli_set_override (httpcli_get_should_not_be_called, httpcli_post_should_not_be_called); + grpc_credentials_get_request_metadata (compute_engine_creds, NULL, test_service_url, on_oauth2_creds_get_metadata_success, (void *) test_user_data, &closure_list); + grpc_closure_list_run (&closure_list); - grpc_credentials_unref(compute_engine_creds); - grpc_httpcli_set_override(NULL, NULL); + grpc_credentials_unref (compute_engine_creds); + grpc_httpcli_set_override (NULL, NULL); } -static void test_compute_engine_creds_failure(void) { +static void +test_compute_engine_creds_failure (void) +{ grpc_closure_list closure_list = GRPC_CLOSURE_LIST_INIT; - grpc_credentials *compute_engine_creds = - grpc_google_compute_engine_credentials_create(NULL); - grpc_httpcli_set_override(compute_engine_httpcli_get_failure_override, - httpcli_post_should_not_be_called); - GPR_ASSERT(grpc_credentials_has_request_metadata(compute_engine_creds)); - 
GPR_ASSERT(grpc_credentials_has_request_metadata_only(compute_engine_creds)); - grpc_credentials_get_request_metadata(compute_engine_creds, NULL, - test_service_url, - on_oauth2_creds_get_metadata_failure, - (void *)test_user_data, &closure_list); - grpc_credentials_unref(compute_engine_creds); - grpc_httpcli_set_override(NULL, NULL); - grpc_closure_list_run(&closure_list); -} - -static void validate_refresh_token_http_request( - const grpc_httpcli_request *request, const char *body, size_t body_size) { + grpc_credentials *compute_engine_creds = grpc_google_compute_engine_credentials_create (NULL); + grpc_httpcli_set_override (compute_engine_httpcli_get_failure_override, httpcli_post_should_not_be_called); + GPR_ASSERT (grpc_credentials_has_request_metadata (compute_engine_creds)); + GPR_ASSERT (grpc_credentials_has_request_metadata_only (compute_engine_creds)); + grpc_credentials_get_request_metadata (compute_engine_creds, NULL, test_service_url, on_oauth2_creds_get_metadata_failure, (void *) test_user_data, &closure_list); + grpc_credentials_unref (compute_engine_creds); + grpc_httpcli_set_override (NULL, NULL); + grpc_closure_list_run (&closure_list); +} + +static void +validate_refresh_token_http_request (const grpc_httpcli_request * request, const char *body, size_t body_size) +{ /* The content of the assertion is tested extensively in json_token_test. 
*/ char *expected_body = NULL; - GPR_ASSERT(body != NULL); - GPR_ASSERT(body_size != 0); - gpr_asprintf(&expected_body, GRPC_REFRESH_TOKEN_POST_BODY_FORMAT_STRING, - "32555999999.apps.googleusercontent.com", - "EmssLNjJy1332hD4KFsecret", - "1/Blahblasj424jladJDSGNf-u4Sua3HDA2ngjd42"); - GPR_ASSERT(strlen(expected_body) == body_size); - GPR_ASSERT(memcmp(expected_body, body, body_size) == 0); - gpr_free(expected_body); - GPR_ASSERT(request->handshaker == &grpc_httpcli_ssl); - GPR_ASSERT(strcmp(request->host, GRPC_GOOGLE_OAUTH2_SERVICE_HOST) == 0); - GPR_ASSERT(strcmp(request->path, GRPC_GOOGLE_OAUTH2_SERVICE_TOKEN_PATH) == 0); - GPR_ASSERT(request->hdr_count == 1); - GPR_ASSERT(strcmp(request->hdrs[0].key, "Content-Type") == 0); - GPR_ASSERT( - strcmp(request->hdrs[0].value, "application/x-www-form-urlencoded") == 0); -} - -static int refresh_token_httpcli_post_success( - const grpc_httpcli_request *request, const char *body, size_t body_size, - gpr_timespec deadline, grpc_httpcli_response_cb on_response, - void *user_data, grpc_closure_list *closure_list) { - grpc_httpcli_response response = - http_response(200, valid_oauth2_json_response); - validate_refresh_token_http_request(request, body, body_size); - on_response(user_data, &response, closure_list); + GPR_ASSERT (body != NULL); + GPR_ASSERT (body_size != 0); + gpr_asprintf (&expected_body, GRPC_REFRESH_TOKEN_POST_BODY_FORMAT_STRING, "32555999999.apps.googleusercontent.com", "EmssLNjJy1332hD4KFsecret", "1/Blahblasj424jladJDSGNf-u4Sua3HDA2ngjd42"); + GPR_ASSERT (strlen (expected_body) == body_size); + GPR_ASSERT (memcmp (expected_body, body, body_size) == 0); + gpr_free (expected_body); + GPR_ASSERT (request->handshaker == &grpc_httpcli_ssl); + GPR_ASSERT (strcmp (request->host, GRPC_GOOGLE_OAUTH2_SERVICE_HOST) == 0); + GPR_ASSERT (strcmp (request->path, GRPC_GOOGLE_OAUTH2_SERVICE_TOKEN_PATH) == 0); + GPR_ASSERT (request->hdr_count == 1); + GPR_ASSERT (strcmp (request->hdrs[0].key, "Content-Type") == 0); + 
GPR_ASSERT (strcmp (request->hdrs[0].value, "application/x-www-form-urlencoded") == 0); +} + +static int +refresh_token_httpcli_post_success (const grpc_httpcli_request * request, const char *body, size_t body_size, gpr_timespec deadline, grpc_httpcli_response_cb on_response, void *user_data, grpc_closure_list * closure_list) +{ + grpc_httpcli_response response = http_response (200, valid_oauth2_json_response); + validate_refresh_token_http_request (request, body, body_size); + on_response (user_data, &response, closure_list); return 1; } -static int refresh_token_httpcli_post_failure( - const grpc_httpcli_request *request, const char *body, size_t body_size, - gpr_timespec deadline, grpc_httpcli_response_cb on_response, - void *user_data, grpc_closure_list *closure_list) { - grpc_httpcli_response response = http_response(403, "Not Authorized."); - validate_refresh_token_http_request(request, body, body_size); - on_response(user_data, &response, closure_list); +static int +refresh_token_httpcli_post_failure (const grpc_httpcli_request * request, const char *body, size_t body_size, gpr_timespec deadline, grpc_httpcli_response_cb on_response, void *user_data, grpc_closure_list * closure_list) +{ + grpc_httpcli_response response = http_response (403, "Not Authorized."); + validate_refresh_token_http_request (request, body, body_size); + on_response (user_data, &response, closure_list); return 1; } -static void test_refresh_token_creds_success(void) { +static void +test_refresh_token_creds_success (void) +{ grpc_closure_list closure_list = GRPC_CLOSURE_LIST_INIT; - grpc_credentials *refresh_token_creds = - grpc_google_refresh_token_credentials_create(test_refresh_token_str, - NULL); - GPR_ASSERT(grpc_credentials_has_request_metadata(refresh_token_creds)); - GPR_ASSERT(grpc_credentials_has_request_metadata_only(refresh_token_creds)); + grpc_credentials *refresh_token_creds = grpc_google_refresh_token_credentials_create (test_refresh_token_str, + NULL); + GPR_ASSERT 
(grpc_credentials_has_request_metadata (refresh_token_creds)); + GPR_ASSERT (grpc_credentials_has_request_metadata_only (refresh_token_creds)); /* First request: http get should be called. */ - grpc_httpcli_set_override(httpcli_get_should_not_be_called, - refresh_token_httpcli_post_success); - grpc_credentials_get_request_metadata(refresh_token_creds, NULL, - test_service_url, - on_oauth2_creds_get_metadata_success, - (void *)test_user_data, &closure_list); - grpc_closure_list_run(&closure_list); + grpc_httpcli_set_override (httpcli_get_should_not_be_called, refresh_token_httpcli_post_success); + grpc_credentials_get_request_metadata (refresh_token_creds, NULL, test_service_url, on_oauth2_creds_get_metadata_success, (void *) test_user_data, &closure_list); + grpc_closure_list_run (&closure_list); /* Second request: the cached token should be served directly. */ - grpc_httpcli_set_override(httpcli_get_should_not_be_called, - httpcli_post_should_not_be_called); - grpc_credentials_get_request_metadata(refresh_token_creds, NULL, - test_service_url, - on_oauth2_creds_get_metadata_success, - (void *)test_user_data, &closure_list); - grpc_closure_list_run(&closure_list); + grpc_httpcli_set_override (httpcli_get_should_not_be_called, httpcli_post_should_not_be_called); + grpc_credentials_get_request_metadata (refresh_token_creds, NULL, test_service_url, on_oauth2_creds_get_metadata_success, (void *) test_user_data, &closure_list); + grpc_closure_list_run (&closure_list); - grpc_credentials_unref(refresh_token_creds); - grpc_httpcli_set_override(NULL, NULL); - grpc_closure_list_run(&closure_list); + grpc_credentials_unref (refresh_token_creds); + grpc_httpcli_set_override (NULL, NULL); + grpc_closure_list_run (&closure_list); } -static void test_refresh_token_creds_failure(void) { +static void +test_refresh_token_creds_failure (void) +{ grpc_closure_list closure_list = GRPC_CLOSURE_LIST_INIT; - grpc_credentials *refresh_token_creds = - 
grpc_google_refresh_token_credentials_create(test_refresh_token_str, - NULL); - grpc_httpcli_set_override(httpcli_get_should_not_be_called, - refresh_token_httpcli_post_failure); - GPR_ASSERT(grpc_credentials_has_request_metadata(refresh_token_creds)); - GPR_ASSERT(grpc_credentials_has_request_metadata_only(refresh_token_creds)); - grpc_credentials_get_request_metadata(refresh_token_creds, NULL, - test_service_url, - on_oauth2_creds_get_metadata_failure, - (void *)test_user_data, &closure_list); - grpc_credentials_unref(refresh_token_creds); - grpc_httpcli_set_override(NULL, NULL); - grpc_closure_list_run(&closure_list); -} - -static void validate_jwt_encode_and_sign_params( - const grpc_auth_json_key *json_key, const char *scope, - gpr_timespec token_lifetime) { - GPR_ASSERT(grpc_auth_json_key_is_valid(json_key)); - GPR_ASSERT(json_key->private_key != NULL); - GPR_ASSERT(RSA_check_key(json_key->private_key)); - GPR_ASSERT(json_key->type != NULL && - strcmp(json_key->type, "service_account") == 0); - GPR_ASSERT(json_key->private_key_id != NULL && - strcmp(json_key->private_key_id, - "e6b5137873db8d2ef81e06a47289e6434ec8a165") == 0); - GPR_ASSERT(json_key->client_id != NULL && - strcmp(json_key->client_id, - "777-abaslkan11hlb6nmim3bpspl31ud.apps." - "googleusercontent.com") == 0); - GPR_ASSERT(json_key->client_email != NULL && - strcmp(json_key->client_email, - "777-abaslkan11hlb6nmim3bpspl31ud@developer." 
- "gserviceaccount.com") == 0); - if (scope != NULL) GPR_ASSERT(strcmp(scope, test_scope) == 0); - GPR_ASSERT(!gpr_time_cmp(token_lifetime, grpc_max_auth_token_lifetime)); -} - -static char *encode_and_sign_jwt_success(const grpc_auth_json_key *json_key, - const char *audience, - gpr_timespec token_lifetime, - const char *scope) { - validate_jwt_encode_and_sign_params(json_key, scope, token_lifetime); - return gpr_strdup(test_signed_jwt); -} - -static char *encode_and_sign_jwt_failure(const grpc_auth_json_key *json_key, - const char *audience, - gpr_timespec token_lifetime, - const char *scope) { - validate_jwt_encode_and_sign_params(json_key, scope, token_lifetime); + grpc_credentials *refresh_token_creds = grpc_google_refresh_token_credentials_create (test_refresh_token_str, + NULL); + grpc_httpcli_set_override (httpcli_get_should_not_be_called, refresh_token_httpcli_post_failure); + GPR_ASSERT (grpc_credentials_has_request_metadata (refresh_token_creds)); + GPR_ASSERT (grpc_credentials_has_request_metadata_only (refresh_token_creds)); + grpc_credentials_get_request_metadata (refresh_token_creds, NULL, test_service_url, on_oauth2_creds_get_metadata_failure, (void *) test_user_data, &closure_list); + grpc_credentials_unref (refresh_token_creds); + grpc_httpcli_set_override (NULL, NULL); + grpc_closure_list_run (&closure_list); +} + +static void +validate_jwt_encode_and_sign_params (const grpc_auth_json_key * json_key, const char *scope, gpr_timespec token_lifetime) +{ + GPR_ASSERT (grpc_auth_json_key_is_valid (json_key)); + GPR_ASSERT (json_key->private_key != NULL); + GPR_ASSERT (RSA_check_key (json_key->private_key)); + GPR_ASSERT (json_key->type != NULL && strcmp (json_key->type, "service_account") == 0); + GPR_ASSERT (json_key->private_key_id != NULL && strcmp (json_key->private_key_id, "e6b5137873db8d2ef81e06a47289e6434ec8a165") == 0); + GPR_ASSERT (json_key->client_id != NULL && strcmp (json_key->client_id, "777-abaslkan11hlb6nmim3bpspl31ud.apps." 
"googleusercontent.com") == 0); + GPR_ASSERT (json_key->client_email != NULL && strcmp (json_key->client_email, "777-abaslkan11hlb6nmim3bpspl31ud@developer." "gserviceaccount.com") == 0); + if (scope != NULL) + GPR_ASSERT (strcmp (scope, test_scope) == 0); + GPR_ASSERT (!gpr_time_cmp (token_lifetime, grpc_max_auth_token_lifetime)); +} + +static char * +encode_and_sign_jwt_success (const grpc_auth_json_key * json_key, const char *audience, gpr_timespec token_lifetime, const char *scope) +{ + validate_jwt_encode_and_sign_params (json_key, scope, token_lifetime); + return gpr_strdup (test_signed_jwt); +} + +static char * +encode_and_sign_jwt_failure (const grpc_auth_json_key * json_key, const char *audience, gpr_timespec token_lifetime, const char *scope) +{ + validate_jwt_encode_and_sign_params (json_key, scope, token_lifetime); return NULL; } -static char *encode_and_sign_jwt_should_not_be_called( - const grpc_auth_json_key *json_key, const char *audience, - gpr_timespec token_lifetime, const char *scope) { - GPR_ASSERT("grpc_jwt_encode_and_sign should not be called" == NULL); +static char * +encode_and_sign_jwt_should_not_be_called (const grpc_auth_json_key * json_key, const char *audience, gpr_timespec token_lifetime, const char *scope) +{ + GPR_ASSERT ("grpc_jwt_encode_and_sign should not be called" == NULL); } -static void on_jwt_creds_get_metadata_success(void *user_data, - grpc_credentials_md *md_elems, - size_t num_md, - grpc_credentials_status status, - grpc_closure_list *closure_list) { +static void +on_jwt_creds_get_metadata_success (void *user_data, grpc_credentials_md * md_elems, size_t num_md, grpc_credentials_status status, grpc_closure_list * closure_list) +{ char *expected_md_value; - gpr_asprintf(&expected_md_value, "Bearer %s", test_signed_jwt); - GPR_ASSERT(status == GRPC_CREDENTIALS_OK); - GPR_ASSERT(num_md == 1); - GPR_ASSERT(gpr_slice_str_cmp(md_elems[0].key, "Authorization") == 0); - GPR_ASSERT(gpr_slice_str_cmp(md_elems[0].value, 
expected_md_value) == 0); - GPR_ASSERT(user_data != NULL); - GPR_ASSERT(strcmp((const char *)user_data, test_user_data) == 0); - gpr_free(expected_md_value); -} - -static void on_jwt_creds_get_metadata_failure(void *user_data, - grpc_credentials_md *md_elems, - size_t num_md, - grpc_credentials_status status, - grpc_closure_list *closure_list) { - GPR_ASSERT(status == GRPC_CREDENTIALS_ERROR); - GPR_ASSERT(num_md == 0); - GPR_ASSERT(user_data != NULL); - GPR_ASSERT(strcmp((const char *)user_data, test_user_data) == 0); -} - -static void test_jwt_creds_success(void) { - char *json_key_string = test_json_key_str(); + gpr_asprintf (&expected_md_value, "Bearer %s", test_signed_jwt); + GPR_ASSERT (status == GRPC_CREDENTIALS_OK); + GPR_ASSERT (num_md == 1); + GPR_ASSERT (gpr_slice_str_cmp (md_elems[0].key, "Authorization") == 0); + GPR_ASSERT (gpr_slice_str_cmp (md_elems[0].value, expected_md_value) == 0); + GPR_ASSERT (user_data != NULL); + GPR_ASSERT (strcmp ((const char *) user_data, test_user_data) == 0); + gpr_free (expected_md_value); +} + +static void +on_jwt_creds_get_metadata_failure (void *user_data, grpc_credentials_md * md_elems, size_t num_md, grpc_credentials_status status, grpc_closure_list * closure_list) +{ + GPR_ASSERT (status == GRPC_CREDENTIALS_ERROR); + GPR_ASSERT (num_md == 0); + GPR_ASSERT (user_data != NULL); + GPR_ASSERT (strcmp ((const char *) user_data, test_user_data) == 0); +} + +static void +test_jwt_creds_success (void) +{ + char *json_key_string = test_json_key_str (); grpc_closure_list closure_list = GRPC_CLOSURE_LIST_INIT; - grpc_credentials *jwt_creds = - grpc_service_account_jwt_access_credentials_create( - json_key_string, grpc_max_auth_token_lifetime, NULL); - GPR_ASSERT(grpc_credentials_has_request_metadata(jwt_creds)); - GPR_ASSERT(grpc_credentials_has_request_metadata_only(jwt_creds)); + grpc_credentials *jwt_creds = grpc_service_account_jwt_access_credentials_create (json_key_string, grpc_max_auth_token_lifetime, NULL); + 
GPR_ASSERT (grpc_credentials_has_request_metadata (jwt_creds)); + GPR_ASSERT (grpc_credentials_has_request_metadata_only (jwt_creds)); /* First request: jwt_encode_and_sign should be called. */ - grpc_jwt_encode_and_sign_set_override(encode_and_sign_jwt_success); - grpc_credentials_get_request_metadata(jwt_creds, NULL, test_service_url, - on_jwt_creds_get_metadata_success, - (void *)test_user_data, &closure_list); - grpc_closure_list_run(&closure_list); + grpc_jwt_encode_and_sign_set_override (encode_and_sign_jwt_success); + grpc_credentials_get_request_metadata (jwt_creds, NULL, test_service_url, on_jwt_creds_get_metadata_success, (void *) test_user_data, &closure_list); + grpc_closure_list_run (&closure_list); /* Second request: the cached token should be served directly. */ - grpc_jwt_encode_and_sign_set_override( - encode_and_sign_jwt_should_not_be_called); - grpc_credentials_get_request_metadata(jwt_creds, NULL, test_service_url, - on_jwt_creds_get_metadata_success, - (void *)test_user_data, &closure_list); - grpc_closure_list_run(&closure_list); + grpc_jwt_encode_and_sign_set_override (encode_and_sign_jwt_should_not_be_called); + grpc_credentials_get_request_metadata (jwt_creds, NULL, test_service_url, on_jwt_creds_get_metadata_success, (void *) test_user_data, &closure_list); + grpc_closure_list_run (&closure_list); /* Third request: Different service url so jwt_encode_and_sign should be called again (no caching). 
*/ - grpc_jwt_encode_and_sign_set_override(encode_and_sign_jwt_success); - grpc_credentials_get_request_metadata(jwt_creds, NULL, other_test_service_url, - on_jwt_creds_get_metadata_success, - (void *)test_user_data, &closure_list); - grpc_closure_list_run(&closure_list); + grpc_jwt_encode_and_sign_set_override (encode_and_sign_jwt_success); + grpc_credentials_get_request_metadata (jwt_creds, NULL, other_test_service_url, on_jwt_creds_get_metadata_success, (void *) test_user_data, &closure_list); + grpc_closure_list_run (&closure_list); - gpr_free(json_key_string); - grpc_credentials_unref(jwt_creds); - grpc_jwt_encode_and_sign_set_override(NULL); + gpr_free (json_key_string); + grpc_credentials_unref (jwt_creds); + grpc_jwt_encode_and_sign_set_override (NULL); } -static void test_jwt_creds_signing_failure(void) { - char *json_key_string = test_json_key_str(); +static void +test_jwt_creds_signing_failure (void) +{ + char *json_key_string = test_json_key_str (); grpc_closure_list closure_list = GRPC_CLOSURE_LIST_INIT; - grpc_credentials *jwt_creds = - grpc_service_account_jwt_access_credentials_create( - json_key_string, grpc_max_auth_token_lifetime, NULL); - GPR_ASSERT(grpc_credentials_has_request_metadata(jwt_creds)); - GPR_ASSERT(grpc_credentials_has_request_metadata_only(jwt_creds)); - - grpc_jwt_encode_and_sign_set_override(encode_and_sign_jwt_failure); - grpc_credentials_get_request_metadata(jwt_creds, NULL, test_service_url, - on_jwt_creds_get_metadata_failure, - (void *)test_user_data, &closure_list); - - gpr_free(json_key_string); - grpc_credentials_unref(jwt_creds); - grpc_jwt_encode_and_sign_set_override(NULL); - grpc_closure_list_run(&closure_list); -} - -static void set_google_default_creds_env_var_with_file_contents( - const char *file_prefix, const char *contents) { - size_t contents_len = strlen(contents); - char *creds_file_name; - FILE *creds_file = gpr_tmpfile(file_prefix, &creds_file_name); - GPR_ASSERT(creds_file_name != NULL); - 
GPR_ASSERT(creds_file != NULL); - GPR_ASSERT(fwrite(contents, 1, contents_len, creds_file) == contents_len); - fclose(creds_file); - gpr_setenv(GRPC_GOOGLE_CREDENTIALS_ENV_VAR, creds_file_name); - gpr_free(creds_file_name); + grpc_credentials *jwt_creds = grpc_service_account_jwt_access_credentials_create (json_key_string, grpc_max_auth_token_lifetime, NULL); + GPR_ASSERT (grpc_credentials_has_request_metadata (jwt_creds)); + GPR_ASSERT (grpc_credentials_has_request_metadata_only (jwt_creds)); + + grpc_jwt_encode_and_sign_set_override (encode_and_sign_jwt_failure); + grpc_credentials_get_request_metadata (jwt_creds, NULL, test_service_url, on_jwt_creds_get_metadata_failure, (void *) test_user_data, &closure_list); + + gpr_free (json_key_string); + grpc_credentials_unref (jwt_creds); + grpc_jwt_encode_and_sign_set_override (NULL); + grpc_closure_list_run (&closure_list); } -static grpc_credentials *composite_inner_creds(grpc_credentials *creds, - const char *inner_creds_type) { +static void +set_google_default_creds_env_var_with_file_contents (const char *file_prefix, const char *contents) +{ + size_t contents_len = strlen (contents); + char *creds_file_name; + FILE *creds_file = gpr_tmpfile (file_prefix, &creds_file_name); + GPR_ASSERT (creds_file_name != NULL); + GPR_ASSERT (creds_file != NULL); + GPR_ASSERT (fwrite (contents, 1, contents_len, creds_file) == contents_len); + fclose (creds_file); + gpr_setenv (GRPC_GOOGLE_CREDENTIALS_ENV_VAR, creds_file_name); + gpr_free (creds_file_name); +} + +static grpc_credentials * +composite_inner_creds (grpc_credentials * creds, const char *inner_creds_type) +{ size_t i; grpc_composite_credentials *composite; - GPR_ASSERT(strcmp(creds->type, GRPC_CREDENTIALS_TYPE_COMPOSITE) == 0); - composite = (grpc_composite_credentials *)creds; - for (i = 0; i < composite->inner.num_creds; i++) { - grpc_credentials *c = composite->inner.creds_array[i]; - if (strcmp(c->type, inner_creds_type) == 0) return c; - } - GPR_ASSERT(0); /* Not 
found. */ + GPR_ASSERT (strcmp (creds->type, GRPC_CREDENTIALS_TYPE_COMPOSITE) == 0); + composite = (grpc_composite_credentials *) creds; + for (i = 0; i < composite->inner.num_creds; i++) + { + grpc_credentials *c = composite->inner.creds_array[i]; + if (strcmp (c->type, inner_creds_type) == 0) + return c; + } + GPR_ASSERT (0); /* Not found. */ } -static void test_google_default_creds_auth_key(void) { +static void +test_google_default_creds_auth_key (void) +{ grpc_service_account_jwt_access_credentials *jwt; grpc_credentials *creds; - char *json_key = test_json_key_str(); - grpc_flush_cached_google_default_credentials(); - set_google_default_creds_env_var_with_file_contents( - "json_key_google_default_creds", json_key); - gpr_free(json_key); - creds = grpc_google_default_credentials_create(); - GPR_ASSERT(creds != NULL); - jwt = (grpc_service_account_jwt_access_credentials *)composite_inner_creds( - creds, GRPC_CREDENTIALS_TYPE_JWT); - GPR_ASSERT( - strcmp(jwt->key.client_id, - "777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent.com") == - 0); - grpc_credentials_unref(creds); - gpr_setenv(GRPC_GOOGLE_CREDENTIALS_ENV_VAR, ""); /* Reset. */ -} - -static void test_google_default_creds_access_token(void) { + char *json_key = test_json_key_str (); + grpc_flush_cached_google_default_credentials (); + set_google_default_creds_env_var_with_file_contents ("json_key_google_default_creds", json_key); + gpr_free (json_key); + creds = grpc_google_default_credentials_create (); + GPR_ASSERT (creds != NULL); + jwt = (grpc_service_account_jwt_access_credentials *) composite_inner_creds (creds, GRPC_CREDENTIALS_TYPE_JWT); + GPR_ASSERT (strcmp (jwt->key.client_id, "777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent.com") == 0); + grpc_credentials_unref (creds); + gpr_setenv (GRPC_GOOGLE_CREDENTIALS_ENV_VAR, ""); /* Reset. 
*/ +} + +static void +test_google_default_creds_access_token (void) +{ grpc_google_refresh_token_credentials *refresh; grpc_credentials *creds; - grpc_flush_cached_google_default_credentials(); - set_google_default_creds_env_var_with_file_contents( - "refresh_token_google_default_creds", test_refresh_token_str); - creds = grpc_google_default_credentials_create(); - GPR_ASSERT(creds != NULL); - refresh = (grpc_google_refresh_token_credentials *)composite_inner_creds( - creds, GRPC_CREDENTIALS_TYPE_OAUTH2); - GPR_ASSERT(strcmp(refresh->refresh_token.client_id, - "32555999999.apps.googleusercontent.com") == 0); - grpc_credentials_unref(creds); - gpr_setenv(GRPC_GOOGLE_CREDENTIALS_ENV_VAR, ""); /* Reset. */ -} - -typedef enum { + grpc_flush_cached_google_default_credentials (); + set_google_default_creds_env_var_with_file_contents ("refresh_token_google_default_creds", test_refresh_token_str); + creds = grpc_google_default_credentials_create (); + GPR_ASSERT (creds != NULL); + refresh = (grpc_google_refresh_token_credentials *) composite_inner_creds (creds, GRPC_CREDENTIALS_TYPE_OAUTH2); + GPR_ASSERT (strcmp (refresh->refresh_token.client_id, "32555999999.apps.googleusercontent.com") == 0); + grpc_credentials_unref (creds); + gpr_setenv (GRPC_GOOGLE_CREDENTIALS_ENV_VAR, ""); /* Reset. 
*/ +} + +typedef enum +{ PLUGIN_INITIAL_STATE, PLUGIN_GET_METADATA_CALLED_STATE, PLUGIN_DESTROY_CALLED_STATE } plugin_state; -typedef struct { +typedef struct +{ const char *key; const char *value; } plugin_metadata; -static const plugin_metadata plugin_md[] = {{"foo", "bar"}, {"hi", "there"}}; +static const plugin_metadata plugin_md[] = { {"foo", "bar"}, {"hi", "there"} }; -static void plugin_get_metadata_success(void *state, const char *service_url, - grpc_credentials_plugin_metadata_cb cb, - void *user_data) { +static void +plugin_get_metadata_success (void *state, const char *service_url, grpc_credentials_plugin_metadata_cb cb, void *user_data) +{ size_t i; - grpc_metadata md[GPR_ARRAY_SIZE(plugin_md)]; - plugin_state *s = (plugin_state *)state; - GPR_ASSERT(strcmp(service_url, test_service_url) == 0); + grpc_metadata md[GPR_ARRAY_SIZE (plugin_md)]; + plugin_state *s = (plugin_state *) state; + GPR_ASSERT (strcmp (service_url, test_service_url) == 0); *s = PLUGIN_GET_METADATA_CALLED_STATE; - for (i = 0; i < GPR_ARRAY_SIZE(plugin_md); i++) { - memset(&md[i], 0, sizeof(grpc_metadata)); - md[i].key = plugin_md[i].key; - md[i].value = plugin_md[i].value; - md[i].value_length = strlen(plugin_md[i].value); - } - cb(user_data, md, GPR_ARRAY_SIZE(md), GRPC_STATUS_OK, NULL); -} - -static void plugin_get_metadata_failure(void *state, const char *service_url, - grpc_credentials_plugin_metadata_cb cb, - void *user_data) { - plugin_state *s = (plugin_state *)state; - GPR_ASSERT(strcmp(service_url, test_service_url) == 0); + for (i = 0; i < GPR_ARRAY_SIZE (plugin_md); i++) + { + memset (&md[i], 0, sizeof (grpc_metadata)); + md[i].key = plugin_md[i].key; + md[i].value = plugin_md[i].value; + md[i].value_length = strlen (plugin_md[i].value); + } + cb (user_data, md, GPR_ARRAY_SIZE (md), GRPC_STATUS_OK, NULL); +} + +static void +plugin_get_metadata_failure (void *state, const char *service_url, grpc_credentials_plugin_metadata_cb cb, void *user_data) +{ + plugin_state *s = 
(plugin_state *) state; + GPR_ASSERT (strcmp (service_url, test_service_url) == 0); *s = PLUGIN_GET_METADATA_CALLED_STATE; - cb(user_data, NULL, 0, GRPC_STATUS_UNAUTHENTICATED, - "Could not get metadata for plugin."); + cb (user_data, NULL, 0, GRPC_STATUS_UNAUTHENTICATED, "Could not get metadata for plugin."); } -static void on_plugin_metadata_received_success( - void *user_data, grpc_credentials_md *md_elems, size_t num_md, - grpc_credentials_status status, grpc_closure_list *closure_list) { +static void +on_plugin_metadata_received_success (void *user_data, grpc_credentials_md * md_elems, size_t num_md, grpc_credentials_status status, grpc_closure_list * closure_list) +{ size_t i = 0; - GPR_ASSERT(user_data == NULL); - GPR_ASSERT(md_elems != NULL); - GPR_ASSERT(num_md == GPR_ARRAY_SIZE(plugin_md)); - for (i = 0; i < num_md; i++) { - GPR_ASSERT(gpr_slice_str_cmp(md_elems[i].key, plugin_md[i].key) == 0); - GPR_ASSERT(gpr_slice_str_cmp(md_elems[i].value, plugin_md[i].value) == 0); - } -} - -static void on_plugin_metadata_received_failure( - void *user_data, grpc_credentials_md *md_elems, size_t num_md, - grpc_credentials_status status, grpc_closure_list *closure_list) { - GPR_ASSERT(user_data == NULL); - GPR_ASSERT(md_elems == NULL); - GPR_ASSERT(num_md == 0); - GPR_ASSERT(status == GRPC_CREDENTIALS_ERROR); -} - -static void plugin_destroy(void *state) { - plugin_state *s = (plugin_state *)state; + GPR_ASSERT (user_data == NULL); + GPR_ASSERT (md_elems != NULL); + GPR_ASSERT (num_md == GPR_ARRAY_SIZE (plugin_md)); + for (i = 0; i < num_md; i++) + { + GPR_ASSERT (gpr_slice_str_cmp (md_elems[i].key, plugin_md[i].key) == 0); + GPR_ASSERT (gpr_slice_str_cmp (md_elems[i].value, plugin_md[i].value) == 0); + } +} + +static void +on_plugin_metadata_received_failure (void *user_data, grpc_credentials_md * md_elems, size_t num_md, grpc_credentials_status status, grpc_closure_list * closure_list) +{ + GPR_ASSERT (user_data == NULL); + GPR_ASSERT (md_elems == NULL); + 
GPR_ASSERT (num_md == 0); + GPR_ASSERT (status == GRPC_CREDENTIALS_ERROR); +} + +static void +plugin_destroy (void *state) +{ + plugin_state *s = (plugin_state *) state; *s = PLUGIN_DESTROY_CALLED_STATE; } -static void test_metadata_plugin_success(void) { +static void +test_metadata_plugin_success (void) +{ grpc_credentials *creds; plugin_state state = PLUGIN_INITIAL_STATE; grpc_metadata_credentials_plugin plugin; @@ -952,18 +852,18 @@ static void test_metadata_plugin_success(void) { plugin.get_metadata = plugin_get_metadata_success; plugin.destroy = plugin_destroy; - creds = grpc_metadata_credentials_create_from_plugin(plugin, NULL); - GPR_ASSERT(state == PLUGIN_INITIAL_STATE); - grpc_credentials_get_request_metadata(creds, NULL, test_service_url, - on_plugin_metadata_received_success, - NULL, &closure_list); - GPR_ASSERT(state == PLUGIN_GET_METADATA_CALLED_STATE); - grpc_credentials_release(creds); - GPR_ASSERT(state == PLUGIN_DESTROY_CALLED_STATE); - grpc_closure_list_run(&closure_list); + creds = grpc_metadata_credentials_create_from_plugin (plugin, NULL); + GPR_ASSERT (state == PLUGIN_INITIAL_STATE); + grpc_credentials_get_request_metadata (creds, NULL, test_service_url, on_plugin_metadata_received_success, NULL, &closure_list); + GPR_ASSERT (state == PLUGIN_GET_METADATA_CALLED_STATE); + grpc_credentials_release (creds); + GPR_ASSERT (state == PLUGIN_DESTROY_CALLED_STATE); + grpc_closure_list_run (&closure_list); } -static void test_metadata_plugin_failure(void) { +static void +test_metadata_plugin_failure (void) +{ grpc_credentials *creds; plugin_state state = PLUGIN_INITIAL_STATE; grpc_metadata_credentials_plugin plugin; 
@@ -973,45 +873,45 @@ static void test_metadata_plugin_failure(void) { plugin.get_metadata = plugin_get_metadata_failure; plugin.destroy = plugin_destroy; - creds = grpc_metadata_credentials_create_from_plugin(plugin, NULL); - GPR_ASSERT(state == PLUGIN_INITIAL_STATE); - grpc_credentials_get_request_metadata(creds, NULL, test_service_url, - on_plugin_metadata_received_failure, - NULL, &closure_list); - GPR_ASSERT(state == PLUGIN_GET_METADATA_CALLED_STATE); - grpc_credentials_release(creds); - GPR_ASSERT(state == PLUGIN_DESTROY_CALLED_STATE); - grpc_closure_list_run(&closure_list); -} - -int main(int argc, char **argv) { - grpc_test_init(argc, argv); - test_empty_md_store(); - test_ref_unref_empty_md_store(); - test_add_to_empty_md_store(); - test_add_cstrings_to_empty_md_store(); - test_empty_preallocated_md_store(); - test_add_abunch_to_md_store(); - test_oauth2_token_fetcher_creds_parsing_ok(); - test_oauth2_token_fetcher_creds_parsing_bad_http_status(); - test_oauth2_token_fetcher_creds_parsing_empty_http_body(); - test_oauth2_token_fetcher_creds_parsing_invalid_json(); - test_oauth2_token_fetcher_creds_parsing_missing_token(); - test_oauth2_token_fetcher_creds_parsing_missing_token_type(); - test_oauth2_token_fetcher_creds_parsing_missing_token_lifetime(); - test_google_iam_creds(); - test_access_token_creds(); - test_ssl_oauth2_composite_creds(); - test_ssl_oauth2_google_iam_composite_creds(); - test_compute_engine_creds_success(); - test_compute_engine_creds_failure(); - test_refresh_token_creds_success(); - test_refresh_token_creds_failure(); - test_jwt_creds_success(); - test_jwt_creds_signing_failure(); - test_google_default_creds_auth_key(); - test_google_default_creds_access_token(); - test_metadata_plugin_success(); - test_metadata_plugin_failure(); + creds = grpc_metadata_credentials_create_from_plugin (plugin, NULL); + GPR_ASSERT (state == PLUGIN_INITIAL_STATE); + grpc_credentials_get_request_metadata (creds, NULL, test_service_url, 
on_plugin_metadata_received_failure, NULL, &closure_list); + GPR_ASSERT (state == PLUGIN_GET_METADATA_CALLED_STATE); + grpc_credentials_release (creds); + GPR_ASSERT (state == PLUGIN_DESTROY_CALLED_STATE); + grpc_closure_list_run (&closure_list); +} + +int +main (int argc, char **argv) +{ + grpc_test_init (argc, argv); + test_empty_md_store (); + test_ref_unref_empty_md_store (); + test_add_to_empty_md_store (); + test_add_cstrings_to_empty_md_store (); + test_empty_preallocated_md_store (); + test_add_abunch_to_md_store (); + test_oauth2_token_fetcher_creds_parsing_ok (); + test_oauth2_token_fetcher_creds_parsing_bad_http_status (); + test_oauth2_token_fetcher_creds_parsing_empty_http_body (); + test_oauth2_token_fetcher_creds_parsing_invalid_json (); + test_oauth2_token_fetcher_creds_parsing_missing_token (); + test_oauth2_token_fetcher_creds_parsing_missing_token_type (); + test_oauth2_token_fetcher_creds_parsing_missing_token_lifetime (); + test_google_iam_creds (); + test_access_token_creds (); + test_ssl_oauth2_composite_creds (); + test_ssl_oauth2_google_iam_composite_creds (); + test_compute_engine_creds_success (); + test_compute_engine_creds_failure (); + test_refresh_token_creds_success (); + test_refresh_token_creds_failure (); + test_jwt_creds_success (); + test_jwt_creds_signing_failure (); + test_google_default_creds_auth_key (); + test_google_default_creds_access_token (); + test_metadata_plugin_success (); + test_metadata_plugin_failure (); return 0; } diff --git a/test/core/security/fetch_oauth2.c b/test/core/security/fetch_oauth2.c index 764d8da9b6..529d455b85 100644 --- a/test/core/security/fetch_oauth2.c +++ b/test/core/security/fetch_oauth2.c 
@@ -46,77 +46,78 @@ #include "src/core/support/file.h" #include "test/core/security/oauth2_utils.h" -static grpc_credentials *create_refresh_token_creds( - const char *json_refresh_token_file_path) { +static grpc_credentials * +create_refresh_token_creds (const char *json_refresh_token_file_path) +{ int success; - gpr_slice refresh_token = - gpr_load_file(json_refresh_token_file_path, 1, &success); - if (!success) { - gpr_log(GPR_ERROR, "Could not read file %s.", json_refresh_token_file_path); - exit(1); - } - return grpc_google_refresh_token_credentials_create( - (const char *)GPR_SLICE_START_PTR(refresh_token), NULL); + gpr_slice refresh_token = gpr_load_file (json_refresh_token_file_path, 1, &success); + if (!success) + { + gpr_log (GPR_ERROR, "Could not read file %s.", json_refresh_token_file_path); + exit (1); + } + return grpc_google_refresh_token_credentials_create ((const char *) GPR_SLICE_START_PTR (refresh_token), NULL); } -int main(int argc, char **argv) { +int +main (int argc, char **argv) +{ grpc_credentials *creds = NULL; char *json_key_file_path = NULL; char *json_refresh_token_file_path = NULL; char *token = NULL; int use_gce = 0; char *scope = NULL; - gpr_cmdline *cl = gpr_cmdline_create("fetch_oauth2"); - gpr_cmdline_add_string(cl, "json_refresh_token", - "File path of the json refresh token.", - &json_refresh_token_file_path); - gpr_cmdline_add_flag( - cl, "gce", - "Get a token from the GCE metadata server (only works in GCE).", - &use_gce); - gpr_cmdline_parse(cl, argc, argv); + gpr_cmdline *cl = gpr_cmdline_create ("fetch_oauth2"); + gpr_cmdline_add_string (cl, "json_refresh_token", "File path of the json refresh token.", &json_refresh_token_file_path); + gpr_cmdline_add_flag (cl, "gce", "Get a token from the GCE metadata server (only works in GCE).", &use_gce); + gpr_cmdline_parse (cl, argc, argv); - grpc_init(); + grpc_init (); - if (json_key_file_path != NULL && json_refresh_token_file_path != NULL) { - gpr_log(GPR_ERROR, - "--json_key and 
--json_refresh_token are mutually exclusive."); - exit(1); - } + if (json_key_file_path != NULL && json_refresh_token_file_path != NULL) + { + gpr_log (GPR_ERROR, "--json_key and --json_refresh_token are mutually exclusive."); + exit (1); + } - if (use_gce) { - if (json_key_file_path != NULL || scope != NULL) { - gpr_log(GPR_INFO, - "Ignoring json key and scope to get a token from the GCE " - "metadata server."); + if (use_gce) + { + if (json_key_file_path != NULL || scope != NULL) + { + gpr_log (GPR_INFO, "Ignoring json key and scope to get a token from the GCE " "metadata server."); + } + creds = grpc_google_compute_engine_credentials_create (NULL); + if (creds == NULL) + { + gpr_log (GPR_ERROR, "Could not create gce credentials."); + exit (1); + } } - creds = grpc_google_compute_engine_credentials_create(NULL); - if (creds == NULL) { - gpr_log(GPR_ERROR, "Could not create gce credentials."); - exit(1); + else if (json_refresh_token_file_path != NULL) + { + creds = create_refresh_token_creds (json_refresh_token_file_path); + if (creds == NULL) + { + gpr_log (GPR_ERROR, "Could not create refresh token creds. %s does probably not " "contain a valid json refresh token.", json_refresh_token_file_path); + exit (1); + } } - } else if (json_refresh_token_file_path != NULL) { - creds = create_refresh_token_creds(json_refresh_token_file_path); - if (creds == NULL) { - gpr_log(GPR_ERROR, - "Could not create refresh token creds. 
%s does probably not " - "contain a valid json refresh token.", - json_refresh_token_file_path); - exit(1); + else + { + gpr_log (GPR_ERROR, "Missing --gce or --json_refresh_token option."); + exit (1); } - } else { - gpr_log(GPR_ERROR, "Missing --gce or --json_refresh_token option."); - exit(1); - } - GPR_ASSERT(creds != NULL); + GPR_ASSERT (creds != NULL); - token = grpc_test_fetch_oauth2_token_with_credentials(creds); - if (token != NULL) { - printf("Got token: %s.\n", token); - gpr_free(token); - } - grpc_credentials_release(creds); - gpr_cmdline_destroy(cl); - grpc_shutdown(); + token = grpc_test_fetch_oauth2_token_with_credentials (creds); + if (token != NULL) + { + printf ("Got token: %s.\n", token); + gpr_free (token); + } + grpc_credentials_release (creds); + gpr_cmdline_destroy (cl); + grpc_shutdown (); return 0; } diff --git a/test/core/security/json_token_test.c b/test/core/security/json_token_test.c index 740fd018b6..d57340f107 100644 --- a/test/core/security/json_token_test.c +++ b/test/core/security/json_token_test.c 
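Review bot: main() returns 0 even when `grpc_test_fetch_oauth2_token_with_credentials` yields NULL, because the `if (token != NULL)` block near the end of the hunk has no failure branch, so a script driving this tool cannot tell a failed fetch from a successful one. An `else { gpr_log (GPR_ERROR, "Could not get token."); rc = 1; }` with `return rc;` would make the failure visible. In `create_refresh_token_creds` the `gpr_slice` that holds the refresh-token file contents is never passed to `gpr_slice_unref`; whether the credentials object copies the string is not visible here, so the release point should be confirmed against `grpc_google_refresh_token_credentials_create`. Separately, `json_key_file_path` and `scope` are initialised to NULL and never registered with `gpr_cmdline_add_string`, so the mutual-exclusion check and the "Ignoring json key and scope" branch look unreachable.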
@@ -47,230 +47,174 @@ /* This JSON key was generated with the GCE console and revoked immediately. The identifiers have been changed as well. Maximum size for a string literal is 509 chars in C89, yay! */ -static const char test_json_key_str_part1[] = - "{ \"private_key\": \"-----BEGIN PRIVATE KEY-----" - "\\nMIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAOEvJsnoHnyHkXcp\\n7mJE" - "qg" - "WGjiw71NfXByguekSKho65FxaGbsnSM9SMQAqVk7Q2rG+I0OpsT0LrWQtZ\\nyjSeg/" - "rWBQvS4hle4LfijkP3J5BG+" - "IXDMP8RfziNRQsenAXDNPkY4kJCvKux2xdD\\nOnVF6N7dL3nTYZg+" - "uQrNsMTz9UxVAgMBAAECgYEAzbLewe1xe9vy+2GoSsfib+28\\nDZgSE6Bu/" - "zuFoPrRc6qL9p2SsnV7txrunTyJkkOnPLND9ABAXybRTlcVKP/sGgza\\n/" - "8HpCqFYM9V8f34SBWfD4fRFT+n/" - "73cfRUtGXdXpseva2lh8RilIQfPhNZAncenU\\ngqXjDvpkypEusgXAykECQQD+"; -static const char test_json_key_str_part2[] = - "53XxNVnxBHsYb+AYEfklR96yVi8HywjVHP34+OQZ\\nCslxoHQM8s+" - "dBnjfScLu22JqkPv04xyxmt0QAKm9+vTdAkEA4ib7YvEAn2jXzcCI\\nEkoy2L/" - "XydR1GCHoacdfdAwiL2npOdnbvi4ZmdYRPY1LSTO058tQHKVXV7NLeCa3\\nAARh2QJBAMKeDA" - "G" - "W303SQv2cZTdbeaLKJbB5drz3eo3j7dDKjrTD9JupixFbzcGw\\n8FZi5c8idxiwC36kbAL6Hz" - "A" - "ZoX+ofI0CQE6KCzPJTtYNqyShgKAZdJ8hwOcvCZtf\\n6z8RJm0+" - "6YBd38lfh5j8mZd7aHFf6I17j5AQY7oPEc47TjJj/" - "5nZ68ECQQDvYuI3\\nLyK5fS8g0SYbmPOL9TlcHDOqwG0mrX9qpg5DC2fniXNSrrZ64GTDKdzZ" - "Y" - "Ap6LI9W\\nIqv4vr6y38N79TTC\\n-----END PRIVATE KEY-----\\n\", "; -static const char test_json_key_str_part3[] = - "\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", " - "\"client_email\": " - "\"777-abaslkan11hlb6nmim3bpspl31ud@developer.gserviceaccount." - "com\", \"client_id\": " - "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent." 
- "com\", \"type\": \"service_account\" }"; +static const char test_json_key_str_part1[] = "{ \"private_key\": \"-----BEGIN PRIVATE KEY-----" "\\nMIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAOEvJsnoHnyHkXcp\\n7mJE" "qg" "WGjiw71NfXByguekSKho65FxaGbsnSM9SMQAqVk7Q2rG+I0OpsT0LrWQtZ\\nyjSeg/" "rWBQvS4hle4LfijkP3J5BG+" "IXDMP8RfziNRQsenAXDNPkY4kJCvKux2xdD\\nOnVF6N7dL3nTYZg+" "uQrNsMTz9UxVAgMBAAECgYEAzbLewe1xe9vy+2GoSsfib+28\\nDZgSE6Bu/" "zuFoPrRc6qL9p2SsnV7txrunTyJkkOnPLND9ABAXybRTlcVKP/sGgza\\n/" "8HpCqFYM9V8f34SBWfD4fRFT+n/" "73cfRUtGXdXpseva2lh8RilIQfPhNZAncenU\\ngqXjDvpkypEusgXAykECQQD+"; +static const char test_json_key_str_part2[] = "53XxNVnxBHsYb+AYEfklR96yVi8HywjVHP34+OQZ\\nCslxoHQM8s+" "dBnjfScLu22JqkPv04xyxmt0QAKm9+vTdAkEA4ib7YvEAn2jXzcCI\\nEkoy2L/" "XydR1GCHoacdfdAwiL2npOdnbvi4ZmdYRPY1LSTO058tQHKVXV7NLeCa3\\nAARh2QJBAMKeDA" "G" "W303SQv2cZTdbeaLKJbB5drz3eo3j7dDKjrTD9JupixFbzcGw\\n8FZi5c8idxiwC36kbAL6Hz" "A" "ZoX+ofI0CQE6KCzPJTtYNqyShgKAZdJ8hwOcvCZtf\\n6z8RJm0+" "6YBd38lfh5j8mZd7aHFf6I17j5AQY7oPEc47TjJj/" "5nZ68ECQQDvYuI3\\nLyK5fS8g0SYbmPOL9TlcHDOqwG0mrX9qpg5DC2fniXNSrrZ64GTDKdzZ" "Y" "Ap6LI9W\\nIqv4vr6y38N79TTC\\n-----END PRIVATE KEY-----\\n\", "; +static const char test_json_key_str_part3[] = "\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", " "\"client_email\": " "\"777-abaslkan11hlb6nmim3bpspl31ud@developer.gserviceaccount." "com\", \"client_id\": " "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent." "com\", \"type\": \"service_account\" }"; /* Test refresh token. 
*/ -static const char test_refresh_token_str[] = - "{ \"client_id\": \"32555999999.apps.googleusercontent.com\"," - " \"client_secret\": \"EmssLNjJy1332hD4KFsecret\"," - " \"refresh_token\": \"1/Blahblasj424jladJDSGNf-u4Sua3HDA2ngjd42\"," - " \"type\": \"authorized_user\"}"; +static const char test_refresh_token_str[] = "{ \"client_id\": \"32555999999.apps.googleusercontent.com\"," " \"client_secret\": \"EmssLNjJy1332hD4KFsecret\"," " \"refresh_token\": \"1/Blahblasj424jladJDSGNf-u4Sua3HDA2ngjd42\"," " \"type\": \"authorized_user\"}"; static const char test_scope[] = "myperm1 myperm2"; static const char test_service_url[] = "https://foo.com/foo.v1"; -static char *test_json_key_str(const char *bad_part3) { +static char * +test_json_key_str (const char *bad_part3) +{ const char *part3 = bad_part3 != NULL ? bad_part3 : test_json_key_str_part3; - size_t result_len = strlen(test_json_key_str_part1) + - strlen(test_json_key_str_part2) + strlen(part3); - char *result = gpr_malloc(result_len + 1); + size_t result_len = strlen (test_json_key_str_part1) + strlen (test_json_key_str_part2) + strlen (part3); + char *result = gpr_malloc (result_len + 1); char *current = result; - strcpy(result, test_json_key_str_part1); - current += strlen(test_json_key_str_part1); - strcpy(current, test_json_key_str_part2); - current += strlen(test_json_key_str_part2); - strcpy(current, part3); + strcpy (result, test_json_key_str_part1); + current += strlen (test_json_key_str_part1); + strcpy (current, test_json_key_str_part2); + current += strlen (test_json_key_str_part2); + strcpy (current, part3); return result; } -static void test_parse_json_key_success(void) { - char *json_string = test_json_key_str(NULL); - grpc_auth_json_key json_key = - grpc_auth_json_key_create_from_string(json_string); - GPR_ASSERT(grpc_auth_json_key_is_valid(&json_key)); - GPR_ASSERT(json_key.type != NULL && - strcmp(json_key.type, "service_account") == 0); - GPR_ASSERT(json_key.private_key_id != NULL && - 
strcmp(json_key.private_key_id, - "e6b5137873db8d2ef81e06a47289e6434ec8a165") == 0); - GPR_ASSERT(json_key.client_id != NULL && - strcmp(json_key.client_id, - "777-abaslkan11hlb6nmim3bpspl31ud.apps." - "googleusercontent.com") == 0); - GPR_ASSERT(json_key.client_email != NULL && - strcmp(json_key.client_email, - "777-abaslkan11hlb6nmim3bpspl31ud@developer." - "gserviceaccount.com") == 0); - GPR_ASSERT(json_key.private_key != NULL); - gpr_free(json_string); - grpc_auth_json_key_destruct(&json_key); +static void +test_parse_json_key_success (void) +{ + char *json_string = test_json_key_str (NULL); + grpc_auth_json_key json_key = grpc_auth_json_key_create_from_string (json_string); + GPR_ASSERT (grpc_auth_json_key_is_valid (&json_key)); + GPR_ASSERT (json_key.type != NULL && strcmp (json_key.type, "service_account") == 0); + GPR_ASSERT (json_key.private_key_id != NULL && strcmp (json_key.private_key_id, "e6b5137873db8d2ef81e06a47289e6434ec8a165") == 0); + GPR_ASSERT (json_key.client_id != NULL && strcmp (json_key.client_id, "777-abaslkan11hlb6nmim3bpspl31ud.apps." "googleusercontent.com") == 0); + GPR_ASSERT (json_key.client_email != NULL && strcmp (json_key.client_email, "777-abaslkan11hlb6nmim3bpspl31ud@developer." "gserviceaccount.com") == 0); + GPR_ASSERT (json_key.private_key != NULL); + gpr_free (json_string); + grpc_auth_json_key_destruct (&json_key); } -static void test_parse_json_key_failure_bad_json(void) { - const char non_closing_part3[] = - "\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", " - "\"client_email\": " - "\"777-abaslkan11hlb6nmim3bpspl31ud@developer.gserviceaccount." - "com\", \"client_id\": " - "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent." 
- "com\", \"type\": \"service_account\" "; - char *json_string = test_json_key_str(non_closing_part3); - grpc_auth_json_key json_key = - grpc_auth_json_key_create_from_string(json_string); - GPR_ASSERT(!grpc_auth_json_key_is_valid(&json_key)); - gpr_free(json_string); - grpc_auth_json_key_destruct(&json_key); +static void +test_parse_json_key_failure_bad_json (void) +{ + const char non_closing_part3[] = "\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", " "\"client_email\": " "\"777-abaslkan11hlb6nmim3bpspl31ud@developer.gserviceaccount." "com\", \"client_id\": " "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent." "com\", \"type\": \"service_account\" "; + char *json_string = test_json_key_str (non_closing_part3); + grpc_auth_json_key json_key = grpc_auth_json_key_create_from_string (json_string); + GPR_ASSERT (!grpc_auth_json_key_is_valid (&json_key)); + gpr_free (json_string); + grpc_auth_json_key_destruct (&json_key); } -static void test_parse_json_key_failure_no_type(void) { - const char no_type_part3[] = - "\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", " - "\"client_email\": " - "\"777-abaslkan11hlb6nmim3bpspl31ud@developer.gserviceaccount." - "com\", \"client_id\": " - "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent." - "com\" }"; - char *json_string = test_json_key_str(no_type_part3); - grpc_auth_json_key json_key = - grpc_auth_json_key_create_from_string(json_string); - GPR_ASSERT(!grpc_auth_json_key_is_valid(&json_key)); - gpr_free(json_string); - grpc_auth_json_key_destruct(&json_key); +static void +test_parse_json_key_failure_no_type (void) +{ + const char no_type_part3[] = "\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", " "\"client_email\": " "\"777-abaslkan11hlb6nmim3bpspl31ud@developer.gserviceaccount." "com\", \"client_id\": " "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent." 
"com\" }"; + char *json_string = test_json_key_str (no_type_part3); + grpc_auth_json_key json_key = grpc_auth_json_key_create_from_string (json_string); + GPR_ASSERT (!grpc_auth_json_key_is_valid (&json_key)); + gpr_free (json_string); + grpc_auth_json_key_destruct (&json_key); } -static void test_parse_json_key_failure_no_client_id(void) { - const char no_client_id_part3[] = - "\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", " - "\"client_email\": " - "\"777-abaslkan11hlb6nmim3bpspl31ud@developer.gserviceaccount." - "com\", " - "\"type\": \"service_account\" }"; - char *json_string = test_json_key_str(no_client_id_part3); - grpc_auth_json_key json_key = - grpc_auth_json_key_create_from_string(json_string); - GPR_ASSERT(!grpc_auth_json_key_is_valid(&json_key)); - gpr_free(json_string); - grpc_auth_json_key_destruct(&json_key); +static void +test_parse_json_key_failure_no_client_id (void) +{ + const char no_client_id_part3[] = "\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", " "\"client_email\": " "\"777-abaslkan11hlb6nmim3bpspl31ud@developer.gserviceaccount." "com\", " "\"type\": \"service_account\" }"; + char *json_string = test_json_key_str (no_client_id_part3); + grpc_auth_json_key json_key = grpc_auth_json_key_create_from_string (json_string); + GPR_ASSERT (!grpc_auth_json_key_is_valid (&json_key)); + gpr_free (json_string); + grpc_auth_json_key_destruct (&json_key); } -static void test_parse_json_key_failure_no_client_email(void) { - const char no_client_email_part3[] = - "\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", " - "\"client_id\": " - "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent." 
- "com\", \"type\": \"service_account\" }"; - char *json_string = test_json_key_str(no_client_email_part3); - grpc_auth_json_key json_key = - grpc_auth_json_key_create_from_string(json_string); - GPR_ASSERT(!grpc_auth_json_key_is_valid(&json_key)); - gpr_free(json_string); - grpc_auth_json_key_destruct(&json_key); +static void +test_parse_json_key_failure_no_client_email (void) +{ + const char no_client_email_part3[] = "\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", " "\"client_id\": " "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent." "com\", \"type\": \"service_account\" }"; + char *json_string = test_json_key_str (no_client_email_part3); + grpc_auth_json_key json_key = grpc_auth_json_key_create_from_string (json_string); + GPR_ASSERT (!grpc_auth_json_key_is_valid (&json_key)); + gpr_free (json_string); + grpc_auth_json_key_destruct (&json_key); } -static void test_parse_json_key_failure_no_private_key_id(void) { - const char no_private_key_id_part3[] = - "\"client_email\": " - "\"777-abaslkan11hlb6nmim3bpspl31ud@developer.gserviceaccount." - "com\", \"client_id\": " - "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent." - "com\", \"type\": \"service_account\" }"; - char *json_string = test_json_key_str(no_private_key_id_part3); - grpc_auth_json_key json_key = - grpc_auth_json_key_create_from_string(json_string); - GPR_ASSERT(!grpc_auth_json_key_is_valid(&json_key)); - gpr_free(json_string); - grpc_auth_json_key_destruct(&json_key); +static void +test_parse_json_key_failure_no_private_key_id (void) +{ + const char no_private_key_id_part3[] = "\"client_email\": " "\"777-abaslkan11hlb6nmim3bpspl31ud@developer.gserviceaccount." "com\", \"client_id\": " "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent." 
"com\", \"type\": \"service_account\" }"; + char *json_string = test_json_key_str (no_private_key_id_part3); + grpc_auth_json_key json_key = grpc_auth_json_key_create_from_string (json_string); + GPR_ASSERT (!grpc_auth_json_key_is_valid (&json_key)); + gpr_free (json_string); + grpc_auth_json_key_destruct (&json_key); } -static void test_parse_json_key_failure_no_private_key(void) { - const char no_private_key_json_string[] = - "{ \"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", " - "\"client_email\": " - "\"777-abaslkan11hlb6nmim3bpspl31ud@developer.gserviceaccount." - "com\", \"client_id\": " - "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent." - "com\", \"type\": \"service_account\" }"; - grpc_auth_json_key json_key = - grpc_auth_json_key_create_from_string(no_private_key_json_string); - GPR_ASSERT(!grpc_auth_json_key_is_valid(&json_key)); - grpc_auth_json_key_destruct(&json_key); +static void +test_parse_json_key_failure_no_private_key (void) +{ + const char no_private_key_json_string[] = "{ \"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", " "\"client_email\": " "\"777-abaslkan11hlb6nmim3bpspl31ud@developer.gserviceaccount." "com\", \"client_id\": " "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent." 
"com\", \"type\": \"service_account\" }"; + grpc_auth_json_key json_key = grpc_auth_json_key_create_from_string (no_private_key_json_string); + GPR_ASSERT (!grpc_auth_json_key_is_valid (&json_key)); + grpc_auth_json_key_destruct (&json_key); } -static grpc_json *parse_json_part_from_jwt(const char *str, size_t len, - char **scratchpad) { +static grpc_json * +parse_json_part_from_jwt (const char *str, size_t len, char **scratchpad) +{ char *b64; char *decoded; grpc_json *json; gpr_slice slice; - b64 = gpr_malloc(len + 1); - strncpy(b64, str, len); + b64 = gpr_malloc (len + 1); + strncpy (b64, str, len); b64[len] = '\0'; - slice = grpc_base64_decode(b64, 1); - GPR_ASSERT(!GPR_SLICE_IS_EMPTY(slice)); - decoded = gpr_malloc(GPR_SLICE_LENGTH(slice) + 1); - strncpy(decoded, (const char *)GPR_SLICE_START_PTR(slice), - GPR_SLICE_LENGTH(slice)); - decoded[GPR_SLICE_LENGTH(slice)] = '\0'; - json = grpc_json_parse_string(decoded); - gpr_free(b64); + slice = grpc_base64_decode (b64, 1); + GPR_ASSERT (!GPR_SLICE_IS_EMPTY (slice)); + decoded = gpr_malloc (GPR_SLICE_LENGTH (slice) + 1); + strncpy (decoded, (const char *) GPR_SLICE_START_PTR (slice), GPR_SLICE_LENGTH (slice)); + decoded[GPR_SLICE_LENGTH (slice)] = '\0'; + json = grpc_json_parse_string (decoded); + gpr_free (b64); *scratchpad = decoded; - gpr_slice_unref(slice); + gpr_slice_unref (slice); return json; } -static void check_jwt_header(grpc_json *header) { +static void +check_jwt_header (grpc_json * header) +{ grpc_json *ptr; grpc_json *alg = NULL; grpc_json *typ = NULL; grpc_json *kid = NULL; - for (ptr = header->child; ptr; ptr = ptr->next) { - if (strcmp(ptr->key, "alg") == 0) { - alg = ptr; - } else if (strcmp(ptr->key, "typ") == 0) { - typ = ptr; - } else if (strcmp(ptr->key, "kid") == 0) { - kid = ptr; + for (ptr = header->child; ptr; ptr = ptr->next) + { + if (strcmp (ptr->key, "alg") == 0) + { + alg = ptr; + } + else if (strcmp (ptr->key, "typ") == 0) + { + typ = ptr; + } + else if (strcmp (ptr->key, "kid") == 
0) + { + kid = ptr; + } } - } - GPR_ASSERT(alg != NULL); - GPR_ASSERT(alg->type == GRPC_JSON_STRING); - GPR_ASSERT(strcmp(alg->value, "RS256") == 0); - - GPR_ASSERT(typ != NULL); - GPR_ASSERT(typ->type == GRPC_JSON_STRING); - GPR_ASSERT(strcmp(typ->value, "JWT") == 0); - - GPR_ASSERT(kid != NULL); - GPR_ASSERT(kid->type == GRPC_JSON_STRING); - GPR_ASSERT(strcmp(kid->value, "e6b5137873db8d2ef81e06a47289e6434ec8a165") == - 0); + GPR_ASSERT (alg != NULL); + GPR_ASSERT (alg->type == GRPC_JSON_STRING); + GPR_ASSERT (strcmp (alg->value, "RS256") == 0); + + GPR_ASSERT (typ != NULL); + GPR_ASSERT (typ->type == GRPC_JSON_STRING); + GPR_ASSERT (strcmp (typ->value, "JWT") == 0); + + GPR_ASSERT (kid != NULL); + GPR_ASSERT (kid->type == GRPC_JSON_STRING); + GPR_ASSERT (strcmp (kid->value, "e6b5137873db8d2ef81e06a47289e6434ec8a165") == 0); } -static void check_jwt_claim(grpc_json *claim, const char *expected_audience, - const char *expected_scope) { - gpr_timespec expiration = gpr_time_0(GPR_CLOCK_REALTIME); - gpr_timespec issue_time = gpr_time_0(GPR_CLOCK_REALTIME); +static void +check_jwt_claim (grpc_json * claim, const char *expected_audience, const char *expected_scope) +{ + gpr_timespec expiration = gpr_time_0 (GPR_CLOCK_REALTIME); + gpr_timespec issue_time = gpr_time_0 (GPR_CLOCK_REALTIME); gpr_timespec parsed_lifetime; grpc_json *iss = NULL; grpc_json *scope = NULL; 
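Review bot: The re-indent joins each key fixture's adjacent string literals onto one physical line (`test_json_key_str_part1`, `_part2`, `_part3`, `test_refresh_token_str` and the `*_part3` locals in the failure tests), which undoes the fragment-per-line layout that the "509 chars in C89" comment explains. The resulting lines appear to exceed that same C89 minimum for a logical source line, and they make any later change to the fixture unreadable in a diff. Keeping one fragment per line would avoid both, for instance by excluding these initialisers from the formatter (GNU indent honours `/* *INDENT-OFF* */` and `/* *INDENT-ON* */`, if that is the tool used here). The same pass writes `check_jwt_header (grpc_json * header)` and `check_jwt_claim (grpc_json * claim, ...)`, which suggests the formatter was not told that `grpc_json` is a type name; with GNU indent that is `-T grpc_json`.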
@@ -280,228 +224,231 @@ static void check_jwt_claim(grpc_json *claim, const char *expected_audience,
 grpc_json *sub = NULL;
 grpc_json *ptr;
- for (ptr = claim->child; ptr; ptr = ptr->next) {
- if (strcmp(ptr->key, "iss") == 0) {
- iss = ptr;
- } else if (strcmp(ptr->key, "sub") == 0) {
- sub = ptr;
- } else if (strcmp(ptr->key, "scope") == 0) {
- scope = ptr;
- } else if (strcmp(ptr->key, "aud") == 0) {
- aud = ptr;
- } else if (strcmp(ptr->key, "exp") == 0) {
- exp = ptr;
- } else if (strcmp(ptr->key, "iat") == 0) {
- iat = ptr;
+ for (ptr = claim->child; ptr; ptr = ptr->next)
+ {
+ if (strcmp (ptr->key, "iss") == 0)
+ {
+ iss = ptr;
+ }
+ else if (strcmp (ptr->key, "sub") == 0)
+ {
+ sub = ptr;
+ }
+ else if (strcmp (ptr->key, "scope") == 0)
+ {
+ scope = ptr;
+ }
+ else if (strcmp (ptr->key, "aud") == 0)
+ {
+ aud = ptr;
+ }
+ else if (strcmp (ptr->key, "exp") == 0)
+ {
+ exp = ptr;
+ }
+ else if (strcmp (ptr->key, "iat") == 0)
+ {
+ iat = ptr;
+ }
+ }
+
+ GPR_ASSERT (iss != NULL);
+ GPR_ASSERT (iss->type == GRPC_JSON_STRING);
+ GPR_ASSERT (strcmp (iss->value, "777-abaslkan11hlb6nmim3bpspl31ud@developer.gserviceaccount.com") == 0);
+
+ if (expected_scope != NULL)
+ {
+ GPR_ASSERT (scope != NULL);
+ GPR_ASSERT (sub == NULL);
+ GPR_ASSERT (scope->type == GRPC_JSON_STRING);
+ GPR_ASSERT (strcmp (scope->value, expected_scope) == 0);
 }
- }
-
- GPR_ASSERT(iss != NULL);
- GPR_ASSERT(iss->type == GRPC_JSON_STRING);
- GPR_ASSERT(
- strcmp(
- iss->value,
- "777-abaslkan11hlb6nmim3bpspl31ud@developer.gserviceaccount.com") ==
- 0);
-
- if (expected_scope != NULL) {
- GPR_ASSERT(scope != NULL);
- GPR_ASSERT(sub == NULL);
- GPR_ASSERT(scope->type == GRPC_JSON_STRING);
- GPR_ASSERT(strcmp(scope->value, expected_scope) == 0);
- } else {
- /* Claims without scope must have a sub. */
- GPR_ASSERT(scope == NULL);
- GPR_ASSERT(sub != NULL);
- GPR_ASSERT(sub->type == GRPC_JSON_STRING);
- GPR_ASSERT(strcmp(iss->value, sub->value) == 0);
- }
-
- GPR_ASSERT(aud != NULL);
- GPR_ASSERT(aud->type == GRPC_JSON_STRING);
- GPR_ASSERT(strcmp(aud->value, expected_audience) == 0);
-
- GPR_ASSERT(exp != NULL);
- GPR_ASSERT(exp->type == GRPC_JSON_NUMBER);
- expiration.tv_sec = strtol(exp->value, NULL, 10);
-
- GPR_ASSERT(iat != NULL);
- GPR_ASSERT(iat->type == GRPC_JSON_NUMBER);
- issue_time.tv_sec = strtol(iat->value, NULL, 10);
-
- parsed_lifetime = gpr_time_sub(expiration, issue_time);
- GPR_ASSERT(parsed_lifetime.tv_sec == grpc_max_auth_token_lifetime.tv_sec);
+ else
+ {
+ /* Claims without scope must have a sub. */
+ GPR_ASSERT (scope == NULL);
+ GPR_ASSERT (sub != NULL);
+ GPR_ASSERT (sub->type == GRPC_JSON_STRING);
+ GPR_ASSERT (strcmp (iss->value, sub->value) == 0);
+ }
+
+ GPR_ASSERT (aud != NULL);
+ GPR_ASSERT (aud->type == GRPC_JSON_STRING);
+ GPR_ASSERT (strcmp (aud->value, expected_audience) == 0);
+
+ GPR_ASSERT (exp != NULL);
+ GPR_ASSERT (exp->type == GRPC_JSON_NUMBER);
+ expiration.tv_sec = strtol (exp->value, NULL, 10);
+
+ GPR_ASSERT (iat != NULL);
+ GPR_ASSERT (iat->type == GRPC_JSON_NUMBER);
+ issue_time.tv_sec = strtol (iat->value, NULL, 10);
+
+ parsed_lifetime = gpr_time_sub (expiration, issue_time);
+ GPR_ASSERT (parsed_lifetime.tv_sec == grpc_max_auth_token_lifetime.tv_sec);
 }
-static void check_jwt_signature(const char *b64_signature, RSA *rsa_key,
- const char *signed_data,
- size_t signed_data_size) {
- EVP_MD_CTX *md_ctx = EVP_MD_CTX_create();
- EVP_PKEY *key = EVP_PKEY_new();
-
- gpr_slice sig = grpc_base64_decode(b64_signature, 1);
- GPR_ASSERT(!GPR_SLICE_IS_EMPTY(sig));
- GPR_ASSERT(GPR_SLICE_LENGTH(sig) == 128);
-
- GPR_ASSERT(md_ctx != NULL);
- GPR_ASSERT(key != NULL);
- EVP_PKEY_set1_RSA(key, rsa_key);
-
- GPR_ASSERT(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, key) == 1);
- GPR_ASSERT(EVP_DigestVerifyUpdate(md_ctx, signed_data, signed_data_size) ==
- 1);
- GPR_ASSERT(EVP_DigestVerifyFinal(md_ctx, GPR_SLICE_START_PTR(sig),
- GPR_SLICE_LENGTH(sig)) == 1);
-
- gpr_slice_unref(sig);
- if (key != NULL) EVP_PKEY_free(key);
- if (md_ctx != NULL) EVP_MD_CTX_destroy(md_ctx);
+static void
+check_jwt_signature (const char *b64_signature, RSA * rsa_key, const char *signed_data, size_t signed_data_size)
+{
+ EVP_MD_CTX *md_ctx = EVP_MD_CTX_create ();
+ EVP_PKEY *key = EVP_PKEY_new ();
+
+ gpr_slice sig = grpc_base64_decode (b64_signature, 1);
+ GPR_ASSERT (!GPR_SLICE_IS_EMPTY (sig));
+ GPR_ASSERT (GPR_SLICE_LENGTH (sig) == 128);
+
+ GPR_ASSERT (md_ctx != NULL);
+ GPR_ASSERT (key != NULL);
+ EVP_PKEY_set1_RSA (key, rsa_key);
+
+ GPR_ASSERT (EVP_DigestVerifyInit (md_ctx, NULL, EVP_sha256 (), NULL, key) == 1);
+ GPR_ASSERT (EVP_DigestVerifyUpdate (md_ctx, signed_data, signed_data_size) == 1);
+ GPR_ASSERT (EVP_DigestVerifyFinal (md_ctx, GPR_SLICE_START_PTR (sig), GPR_SLICE_LENGTH (sig)) == 1);
+
+ gpr_slice_unref (sig);
+ if (key != NULL)
+ EVP_PKEY_free (key);
+ if (md_ctx != NULL)
+ EVP_MD_CTX_destroy (md_ctx);
 }
-static char *service_account_creds_jwt_encode_and_sign(
- const grpc_auth_json_key *key) {
- return grpc_jwt_encode_and_sign(key, GRPC_JWT_OAUTH2_AUDIENCE,
- grpc_max_auth_token_lifetime, test_scope);
+static char *
+service_account_creds_jwt_encode_and_sign (const grpc_auth_json_key * key)
+{
+ return grpc_jwt_encode_and_sign (key, GRPC_JWT_OAUTH2_AUDIENCE, grpc_max_auth_token_lifetime, test_scope);
 }
-static char *jwt_creds_jwt_encode_and_sign(const grpc_auth_json_key *key) {
- return grpc_jwt_encode_and_sign(key, test_service_url,
- grpc_max_auth_token_lifetime, NULL);
+static char *
+jwt_creds_jwt_encode_and_sign (const grpc_auth_json_key * key)
+{
+ return grpc_jwt_encode_and_sign (key, test_service_url, grpc_max_auth_token_lifetime, NULL);
 }
-static void service_account_creds_check_jwt_claim(grpc_json *claim) {
- check_jwt_claim(claim, GRPC_JWT_OAUTH2_AUDIENCE, test_scope);
+static void
+service_account_creds_check_jwt_claim (grpc_json * claim)
+{
+ check_jwt_claim (claim, GRPC_JWT_OAUTH2_AUDIENCE, test_scope);
 }
-static void jwt_creds_check_jwt_claim(grpc_json *claim) {
- check_jwt_claim(claim, test_service_url, NULL);
+static void
+jwt_creds_check_jwt_claim (grpc_json * claim)
+{
+ check_jwt_claim (claim, test_service_url, NULL);
 }
-static void test_jwt_encode_and_sign(
- char *(*jwt_encode_and_sign_func)(const grpc_auth_json_key *),
- void (*check_jwt_claim_func)(grpc_json *)) {
- char *json_string = test_json_key_str(NULL);
+static void
+test_jwt_encode_and_sign (char *(*jwt_encode_and_sign_func) (const grpc_auth_json_key *), void (*check_jwt_claim_func) (grpc_json *))
+{
+ char *json_string = test_json_key_str (NULL);
 grpc_json *parsed_header = NULL;
 grpc_json *parsed_claim = NULL;
 char *scratchpad;
- grpc_auth_json_key json_key =
- grpc_auth_json_key_create_from_string(json_string);
+ grpc_auth_json_key json_key = grpc_auth_json_key_create_from_string (json_string);
 const char *b64_signature;
 size_t offset = 0;
- char *jwt = jwt_encode_and_sign_func(&json_key);
- const char *dot = strchr(jwt, '.');
- GPR_ASSERT(dot != NULL);
- parsed_header =
- parse_json_part_from_jwt(jwt, (size_t)(dot - jwt), &scratchpad);
- GPR_ASSERT(parsed_header != NULL);
- check_jwt_header(parsed_header);
- offset = (size_t)(dot - jwt) + 1;
- grpc_json_destroy(parsed_header);
- gpr_free(scratchpad);
-
- dot = strchr(jwt + offset, '.');
- GPR_ASSERT(dot != NULL);
- parsed_claim = parse_json_part_from_jwt(
- jwt + offset, (size_t)(dot - (jwt + offset)), &scratchpad);
- GPR_ASSERT(parsed_claim != NULL);
- check_jwt_claim_func(parsed_claim);
- offset = (size_t)(dot - jwt) + 1;
- grpc_json_destroy(parsed_claim);
- gpr_free(scratchpad);
-
- dot = strchr(jwt + offset, '.');
- GPR_ASSERT(dot == NULL); /* no more part. */
+ char *jwt = jwt_encode_and_sign_func (&json_key);
+ const char *dot = strchr (jwt, '.');
+ GPR_ASSERT (dot != NULL);
+ parsed_header = parse_json_part_from_jwt (jwt, (size_t) (dot - jwt), &scratchpad);
+ GPR_ASSERT (parsed_header != NULL);
+ check_jwt_header (parsed_header);
+ offset = (size_t) (dot - jwt) + 1;
+ grpc_json_destroy (parsed_header);
+ gpr_free (scratchpad);
+
+ dot = strchr (jwt + offset, '.');
+ GPR_ASSERT (dot != NULL);
+ parsed_claim = parse_json_part_from_jwt (jwt + offset, (size_t) (dot - (jwt + offset)), &scratchpad);
+ GPR_ASSERT (parsed_claim != NULL);
+ check_jwt_claim_func (parsed_claim);
+ offset = (size_t) (dot - jwt) + 1;
+ grpc_json_destroy (parsed_claim);
+ gpr_free (scratchpad);
+
+ dot = strchr (jwt + offset, '.');
+ GPR_ASSERT (dot == NULL); /* no more part. */
 b64_signature = jwt + offset;
- check_jwt_signature(b64_signature, json_key.private_key, jwt, offset - 1);
+ check_jwt_signature (b64_signature, json_key.private_key, jwt, offset - 1);
- gpr_free(json_string);
- grpc_auth_json_key_destruct(&json_key);
- gpr_free(jwt);
+ gpr_free (json_string);
+ grpc_auth_json_key_destruct (&json_key);
+ gpr_free (jwt);
 }
-static void test_service_account_creds_jwt_encode_and_sign(void) {
- test_jwt_encode_and_sign(service_account_creds_jwt_encode_and_sign,
- service_account_creds_check_jwt_claim);
+static void
+test_service_account_creds_jwt_encode_and_sign (void)
+{
+ test_jwt_encode_and_sign (service_account_creds_jwt_encode_and_sign, service_account_creds_check_jwt_claim);
 }
-static void test_jwt_creds_jwt_encode_and_sign(void) {
- test_jwt_encode_and_sign(jwt_creds_jwt_encode_and_sign,
- jwt_creds_check_jwt_claim);
+static void
+test_jwt_creds_jwt_encode_and_sign (void)
+{
+ test_jwt_encode_and_sign (jwt_creds_jwt_encode_and_sign, jwt_creds_check_jwt_claim);
 }
-static void test_parse_refresh_token_success(void) {
- grpc_auth_refresh_token refresh_token =
- grpc_auth_refresh_token_create_from_string(test_refresh_token_str);
- GPR_ASSERT(grpc_auth_refresh_token_is_valid(&refresh_token));
- GPR_ASSERT(refresh_token.type != NULL &&
- (strcmp(refresh_token.type, "authorized_user") == 0));
- GPR_ASSERT(refresh_token.client_id != NULL &&
- (strcmp(refresh_token.client_id,
- "32555999999.apps.googleusercontent.com") == 0));
- GPR_ASSERT(
- refresh_token.client_secret != NULL &&
- (strcmp(refresh_token.client_secret, "EmssLNjJy1332hD4KFsecret") == 0));
- GPR_ASSERT(refresh_token.refresh_token != NULL &&
- (strcmp(refresh_token.refresh_token,
- "1/Blahblasj424jladJDSGNf-u4Sua3HDA2ngjd42") == 0));
- grpc_auth_refresh_token_destruct(&refresh_token);
+static void
+test_parse_refresh_token_success (void)
+{
+ grpc_auth_refresh_token refresh_token = grpc_auth_refresh_token_create_from_string (test_refresh_token_str);
+ GPR_ASSERT (grpc_auth_refresh_token_is_valid (&refresh_token));
+ GPR_ASSERT (refresh_token.type != NULL && (strcmp (refresh_token.type, "authorized_user") == 0));
+ GPR_ASSERT (refresh_token.client_id != NULL && (strcmp (refresh_token.client_id, "32555999999.apps.googleusercontent.com") == 0));
+ GPR_ASSERT (refresh_token.client_secret != NULL && (strcmp (refresh_token.client_secret, "EmssLNjJy1332hD4KFsecret") == 0));
+ GPR_ASSERT (refresh_token.refresh_token != NULL && (strcmp (refresh_token.refresh_token, "1/Blahblasj424jladJDSGNf-u4Sua3HDA2ngjd42") == 0));
+ grpc_auth_refresh_token_destruct (&refresh_token);
 }
-static void test_parse_refresh_token_failure_no_type(void) {
- const char refresh_token_str[] =
- "{ \"client_id\": \"32555999999.apps.googleusercontent.com\","
- " \"client_secret\": \"EmssLNjJy1332hD4KFsecret\","
- " \"refresh_token\": \"1/Blahblasj424jladJDSGNf-u4Sua3HDA2ngjd42\"}";
- grpc_auth_refresh_token refresh_token =
- grpc_auth_refresh_token_create_from_string(refresh_token_str);
- GPR_ASSERT(!grpc_auth_refresh_token_is_valid(&refresh_token));
+static void
+test_parse_refresh_token_failure_no_type (void)
+{
+ const char refresh_token_str[] = "{ \"client_id\": \"32555999999.apps.googleusercontent.com\"," " \"client_secret\": \"EmssLNjJy1332hD4KFsecret\"," " \"refresh_token\": \"1/Blahblasj424jladJDSGNf-u4Sua3HDA2ngjd42\"}";
+ grpc_auth_refresh_token refresh_token = grpc_auth_refresh_token_create_from_string (refresh_token_str);
+ GPR_ASSERT (!grpc_auth_refresh_token_is_valid (&refresh_token));
 }
-static void test_parse_refresh_token_failure_no_client_id(void) {
- const char refresh_token_str[] =
- "{ \"client_secret\": \"EmssLNjJy1332hD4KFsecret\","
- " \"refresh_token\": \"1/Blahblasj424jladJDSGNf-u4Sua3HDA2ngjd42\","
- " \"type\": \"authorized_user\"}";
- grpc_auth_refresh_token refresh_token =
- grpc_auth_refresh_token_create_from_string(refresh_token_str);
- GPR_ASSERT(!grpc_auth_refresh_token_is_valid(&refresh_token));
+static void
+test_parse_refresh_token_failure_no_client_id (void)
+{
+ const char refresh_token_str[] = "{ \"client_secret\": \"EmssLNjJy1332hD4KFsecret\"," " \"refresh_token\": \"1/Blahblasj424jladJDSGNf-u4Sua3HDA2ngjd42\"," " \"type\": \"authorized_user\"}";
+ grpc_auth_refresh_token refresh_token = grpc_auth_refresh_token_create_from_string (refresh_token_str);
+ GPR_ASSERT (!grpc_auth_refresh_token_is_valid (&refresh_token));
 }
-static void test_parse_refresh_token_failure_no_client_secret(void) {
- const char refresh_token_str[] =
- "{ \"client_id\": \"32555999999.apps.googleusercontent.com\","
- " \"refresh_token\": \"1/Blahblasj424jladJDSGNf-u4Sua3HDA2ngjd42\","
- " \"type\": \"authorized_user\"}";
- grpc_auth_refresh_token refresh_token =
- grpc_auth_refresh_token_create_from_string(refresh_token_str);
- GPR_ASSERT(!grpc_auth_refresh_token_is_valid(&refresh_token));
+static void
+test_parse_refresh_token_failure_no_client_secret (void)
+{
+ const char refresh_token_str[] = "{ \"client_id\": \"32555999999.apps.googleusercontent.com\"," " \"refresh_token\": \"1/Blahblasj424jladJDSGNf-u4Sua3HDA2ngjd42\"," " \"type\": \"authorized_user\"}";
+ grpc_auth_refresh_token refresh_token = grpc_auth_refresh_token_create_from_string (refresh_token_str);
+ GPR_ASSERT (!grpc_auth_refresh_token_is_valid (&refresh_token));
 }
-static void test_parse_refresh_token_failure_no_refresh_token(void) {
- const char refresh_token_str[] =
- "{ \"client_id\": \"32555999999.apps.googleusercontent.com\","
- " \"client_secret\": \"EmssLNjJy1332hD4KFsecret\","
- " \"type\": \"authorized_user\"}";
- grpc_auth_refresh_token refresh_token =
- grpc_auth_refresh_token_create_from_string(refresh_token_str);
- GPR_ASSERT(!grpc_auth_refresh_token_is_valid(&refresh_token));
+static void
+test_parse_refresh_token_failure_no_refresh_token (void)
+{
+ const char refresh_token_str[] = "{ \"client_id\": \"32555999999.apps.googleusercontent.com\"," " \"client_secret\": \"EmssLNjJy1332hD4KFsecret\"," " \"type\": \"authorized_user\"}";
+ grpc_auth_refresh_token refresh_token = grpc_auth_refresh_token_create_from_string (refresh_token_str);
+ GPR_ASSERT (!grpc_auth_refresh_token_is_valid (&refresh_token));
 }
-int main(int argc, char **argv) {
- grpc_test_init(argc, argv);
- test_parse_json_key_success();
- test_parse_json_key_failure_bad_json();
- test_parse_json_key_failure_no_type();
- test_parse_json_key_failure_no_client_id();
- test_parse_json_key_failure_no_client_email();
- test_parse_json_key_failure_no_private_key_id();
- test_parse_json_key_failure_no_private_key();
- test_service_account_creds_jwt_encode_and_sign();
- test_jwt_creds_jwt_encode_and_sign();
- test_parse_refresh_token_success();
- test_parse_refresh_token_failure_no_type();
- test_parse_refresh_token_failure_no_client_id();
- test_parse_refresh_token_failure_no_client_secret();
- test_parse_refresh_token_failure_no_refresh_token();
+int
+main (int argc, char **argv)
+{
+ grpc_test_init (argc, argv);
+ test_parse_json_key_success ();
+ test_parse_json_key_failure_bad_json ();
+ test_parse_json_key_failure_no_type ();
+ test_parse_json_key_failure_no_client_id ();
+ test_parse_json_key_failure_no_client_email ();
+ test_parse_json_key_failure_no_private_key_id ();
+ test_parse_json_key_failure_no_private_key ();
+ test_service_account_creds_jwt_encode_and_sign ();
+ test_jwt_creds_jwt_encode_and_sign ();
+ test_parse_refresh_token_success ();
+ test_parse_refresh_token_failure_no_type ();
+ test_parse_refresh_token_failure_no_client_id ();
+ test_parse_refresh_token_failure_no_client_secret ();
+ test_parse_refresh_token_failure_no_refresh_token ();
 return 0;
 }
diff --git a/test/core/security/jwt_verifier_test.c b/test/core/security/jwt_verifier_test.c
index f2215e1822..15c19e2533 100644
--- a/test/core/security/jwt_verifier_test.c
+++ b/test/core/security/jwt_verifier_test.c
@@ -48,540 +48,429 @@ /* This JSON key was generated with the GCE console and revoked immediately. The identifiers have been changed as well. Maximum size for a string literal is 509 chars in C89, yay! */ -static const char json_key_str_part1[] = - "{ \"private_key\": \"-----BEGIN PRIVATE KEY-----" - "\\nMIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAOEvJsnoHnyHkXcp\\n7mJE" - "qg" - "WGjiw71NfXByguekSKho65FxaGbsnSM9SMQAqVk7Q2rG+I0OpsT0LrWQtZ\\nyjSeg/" - "rWBQvS4hle4LfijkP3J5BG+" - "IXDMP8RfziNRQsenAXDNPkY4kJCvKux2xdD\\nOnVF6N7dL3nTYZg+" - "uQrNsMTz9UxVAgMBAAECgYEAzbLewe1xe9vy+2GoSsfib+28\\nDZgSE6Bu/" - "zuFoPrRc6qL9p2SsnV7txrunTyJkkOnPLND9ABAXybRTlcVKP/sGgza\\n/" - "8HpCqFYM9V8f34SBWfD4fRFT+n/" - "73cfRUtGXdXpseva2lh8RilIQfPhNZAncenU\\ngqXjDvpkypEusgXAykECQQD+"; -static const char json_key_str_part2[] = - "53XxNVnxBHsYb+AYEfklR96yVi8HywjVHP34+OQZ\\nCslxoHQM8s+" - "dBnjfScLu22JqkPv04xyxmt0QAKm9+vTdAkEA4ib7YvEAn2jXzcCI\\nEkoy2L/" - "XydR1GCHoacdfdAwiL2npOdnbvi4ZmdYRPY1LSTO058tQHKVXV7NLeCa3\\nAARh2QJBAMKeDA" - "G" - "W303SQv2cZTdbeaLKJbB5drz3eo3j7dDKjrTD9JupixFbzcGw\\n8FZi5c8idxiwC36kbAL6Hz" - "A" - "ZoX+ofI0CQE6KCzPJTtYNqyShgKAZdJ8hwOcvCZtf\\n6z8RJm0+" - "6YBd38lfh5j8mZd7aHFf6I17j5AQY7oPEc47TjJj/" - "5nZ68ECQQDvYuI3\\nLyK5fS8g0SYbmPOL9TlcHDOqwG0mrX9qpg5DC2fniXNSrrZ64GTDKdzZ" - "Y" - "Ap6LI9W\\nIqv4vr6y38N79TTC\\n-----END PRIVATE KEY-----\\n\", "; -static const char json_key_str_part3_for_google_email_issuer[] = - "\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", " - "\"client_email\": " - "\"777-abaslkan11hlb6nmim3bpspl31ud@developer.gserviceaccount." - "com\", \"client_id\": " - "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent." 
- "com\", \"type\": \"service_account\" }"; +static const char json_key_str_part1[] = "{ \"private_key\": \"-----BEGIN PRIVATE KEY-----" "\\nMIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAOEvJsnoHnyHkXcp\\n7mJE" "qg" "WGjiw71NfXByguekSKho65FxaGbsnSM9SMQAqVk7Q2rG+I0OpsT0LrWQtZ\\nyjSeg/" "rWBQvS4hle4LfijkP3J5BG+" "IXDMP8RfziNRQsenAXDNPkY4kJCvKux2xdD\\nOnVF6N7dL3nTYZg+" "uQrNsMTz9UxVAgMBAAECgYEAzbLewe1xe9vy+2GoSsfib+28\\nDZgSE6Bu/" "zuFoPrRc6qL9p2SsnV7txrunTyJkkOnPLND9ABAXybRTlcVKP/sGgza\\n/" "8HpCqFYM9V8f34SBWfD4fRFT+n/" "73cfRUtGXdXpseva2lh8RilIQfPhNZAncenU\\ngqXjDvpkypEusgXAykECQQD+"; +static const char json_key_str_part2[] = "53XxNVnxBHsYb+AYEfklR96yVi8HywjVHP34+OQZ\\nCslxoHQM8s+" "dBnjfScLu22JqkPv04xyxmt0QAKm9+vTdAkEA4ib7YvEAn2jXzcCI\\nEkoy2L/" "XydR1GCHoacdfdAwiL2npOdnbvi4ZmdYRPY1LSTO058tQHKVXV7NLeCa3\\nAARh2QJBAMKeDA" "G" "W303SQv2cZTdbeaLKJbB5drz3eo3j7dDKjrTD9JupixFbzcGw\\n8FZi5c8idxiwC36kbAL6Hz" "A" "ZoX+ofI0CQE6KCzPJTtYNqyShgKAZdJ8hwOcvCZtf\\n6z8RJm0+" "6YBd38lfh5j8mZd7aHFf6I17j5AQY7oPEc47TjJj/" "5nZ68ECQQDvYuI3\\nLyK5fS8g0SYbmPOL9TlcHDOqwG0mrX9qpg5DC2fniXNSrrZ64GTDKdzZ" "Y" "Ap6LI9W\\nIqv4vr6y38N79TTC\\n-----END PRIVATE KEY-----\\n\", "; +static const char json_key_str_part3_for_google_email_issuer[] = "\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", " "\"client_email\": " "\"777-abaslkan11hlb6nmim3bpspl31ud@developer.gserviceaccount." "com\", \"client_id\": " "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent." "com\", \"type\": \"service_account\" }"; /* Trick our JWT library into issuing a JWT with iss=accounts.google.com. */ -static const char json_key_str_part3_for_url_issuer[] = - "\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", " - "\"client_email\": \"accounts.google.com\", " - "\"client_id\": " - "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent." 
- "com\", \"type\": \"service_account\" }"; -static const char json_key_str_part3_for_custom_email_issuer[] = - "\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", " - "\"client_email\": " - "\"foo@bar.com\", \"client_id\": " - "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent." - "com\", \"type\": \"service_account\" }"; +static const char json_key_str_part3_for_url_issuer[] = "\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", " "\"client_email\": \"accounts.google.com\", " "\"client_id\": " "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent." "com\", \"type\": \"service_account\" }"; +static const char json_key_str_part3_for_custom_email_issuer[] = "\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", " "\"client_email\": " "\"foo@bar.com\", \"client_id\": " "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent." "com\", \"type\": \"service_account\" }"; static grpc_jwt_verifier_email_domain_key_url_mapping custom_mapping = { - "bar.com", "keys.bar.com/jwk"}; + "bar.com", "keys.bar.com/jwk" +}; static const char expected_user_data[] = "user data"; -static const char good_jwk_set[] = - "{" - " \"keys\": [" - " {" - " \"kty\": \"RSA\"," - " \"alg\": \"RS256\"," - " \"use\": \"sig\"," - " \"kid\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\"," - " \"n\": " - "\"4S8myegefIeRdynuYkSqBYaOLDvU19cHKC56RIqGjrkXFoZuydIz1IxACpWTtDasb4jQ6mxP" - "QutZC1nKNJ6D-tYFC9LiGV7gt-KOQ_cnkEb4hcMw_xF_OI1FCx6cBcM0-" - "RjiQkK8q7HbF0M6dUXo3t0vedNhmD65Cs2wxPP1TFU=\"," - " \"e\": \"AQAB\"" - " }" - " ]" - "}"; - -static gpr_timespec expected_lifetime = {3600, 0, GPR_TIMESPAN}; - -static const char good_google_email_keys_part1[] = - "{\"e6b5137873db8d2ef81e06a47289e6434ec8a165\": \"-----BEGIN " - "CERTIFICATE-----" - "\\nMIICATCCAWoCCQDEywLhxvHjnDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJB\\nVTET" - "MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0\\ncyBQdHkgTHR" - 
"kMB4XDTE1MDYyOTA4Mzk1MFoXDTI1MDYyNjA4Mzk1MFowRTELMAkG\\nA1UEBhMCQVUxEzARBg" - "NVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0\\nIFdpZGdpdHMgUHR5IEx0ZDCBn" - "zANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA4S8m\\nyegefIeRdynuYkSqBYaOLDvU19cHKC56" - "RIqGjrkXFoZuydIz1IxACpWTtDasb4jQ\\n6mxPQutZC1nKNJ6D+tYFC9LiGV7gt+KOQ/"; - -static const char good_google_email_keys_part2[] = - "cnkEb4hcMw/xF/OI1FCx6cBcM0+" - "Rji\\nQkK8q7HbF0M6dUXo3t0vedNhmD65Cs2wxPP1TFUCAwEAATANBgkqhkiG9w0BAQsF\\nA" - "AOBgQBfu69FkPmBknbKNFgurPz78kbs3VNN+k/" - "PUgO5DHKskJmgK2TbtvX2VMpx\\nkftmHGzgzMzUlOtigCaGMgHWjfqjpP9uuDbahXrZBJzB8c" - "Oq7MrQF8r17qVvo3Ue\\nPjTKQMAsU8uxTEMmeuz9L6yExs0rfd6bPOrQkAoVfFfiYB3/" - "pA==\\n-----END CERTIFICATE-----\\n\"}"; +static const char good_jwk_set[] = "{" " \"keys\": [" " {" " \"kty\": \"RSA\"," " \"alg\": \"RS256\"," " \"use\": \"sig\"," " \"kid\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\"," " \"n\": " "\"4S8myegefIeRdynuYkSqBYaOLDvU19cHKC56RIqGjrkXFoZuydIz1IxACpWTtDasb4jQ6mxP" "QutZC1nKNJ6D-tYFC9LiGV7gt-KOQ_cnkEb4hcMw_xF_OI1FCx6cBcM0-" "RjiQkK8q7HbF0M6dUXo3t0vedNhmD65Cs2wxPP1TFU=\"," " \"e\": \"AQAB\"" " }" " ]" "}"; + +static gpr_timespec expected_lifetime = { 3600, 0, GPR_TIMESPAN }; + +static const char good_google_email_keys_part1[] = "{\"e6b5137873db8d2ef81e06a47289e6434ec8a165\": \"-----BEGIN " "CERTIFICATE-----" "\\nMIICATCCAWoCCQDEywLhxvHjnDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJB\\nVTET" "MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0\\ncyBQdHkgTHR" "kMB4XDTE1MDYyOTA4Mzk1MFoXDTI1MDYyNjA4Mzk1MFowRTELMAkG\\nA1UEBhMCQVUxEzARBg" "NVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0\\nIFdpZGdpdHMgUHR5IEx0ZDCBn" "zANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA4S8m\\nyegefIeRdynuYkSqBYaOLDvU19cHKC56" "RIqGjrkXFoZuydIz1IxACpWTtDasb4jQ\\n6mxPQutZC1nKNJ6D+tYFC9LiGV7gt+KOQ/"; + +static const char good_google_email_keys_part2[] = "cnkEb4hcMw/xF/OI1FCx6cBcM0+" "Rji\\nQkK8q7HbF0M6dUXo3t0vedNhmD65Cs2wxPP1TFUCAwEAATANBgkqhkiG9w0BAQsF\\nA" "AOBgQBfu69FkPmBknbKNFgurPz78kbs3VNN+k/" 
"PUgO5DHKskJmgK2TbtvX2VMpx\\nkftmHGzgzMzUlOtigCaGMgHWjfqjpP9uuDbahXrZBJzB8c" "Oq7MrQF8r17qVvo3Ue\\nPjTKQMAsU8uxTEMmeuz9L6yExs0rfd6bPOrQkAoVfFfiYB3/" "pA==\\n-----END CERTIFICATE-----\\n\"}"; static const char expected_audience[] = "https://foo.com"; -static const char good_openid_config[] = - "{" - " \"issuer\": \"https://accounts.google.com\"," - " \"authorization_endpoint\": " - "\"https://accounts.google.com/o/oauth2/v2/auth\"," - " \"token_endpoint\": \"https://www.googleapis.com/oauth2/v4/token\"," - " \"userinfo_endpoint\": \"https://www.googleapis.com/oauth2/v3/userinfo\"," - " \"revocation_endpoint\": \"https://accounts.google.com/o/oauth2/revoke\"," - " \"jwks_uri\": \"https://www.googleapis.com/oauth2/v3/certs\"" - "}"; - -static const char expired_claims[] = - "{ \"aud\": \"https://foo.com\"," - " \"iss\": \"blah.foo.com\"," - " \"sub\": \"juju@blah.foo.com\"," - " \"jti\": \"jwtuniqueid\"," - " \"iat\": 100," /* Way back in the past... */ - " \"exp\": 120," - " \"nbf\": 60," - " \"foo\": \"bar\"}"; - -static const char claims_without_time_constraint[] = - "{ \"aud\": \"https://foo.com\"," - " \"iss\": \"blah.foo.com\"," - " \"sub\": \"juju@blah.foo.com\"," - " \"jti\": \"jwtuniqueid\"," - " \"foo\": \"bar\"}"; - -static const char invalid_claims[] = - "{ \"aud\": \"https://foo.com\"," - " \"iss\": 46," /* Issuer cannot be a number. 
*/ - " \"sub\": \"juju@blah.foo.com\"," - " \"jti\": \"jwtuniqueid\"," - " \"foo\": \"bar\"}"; - -typedef struct { +static const char good_openid_config[] = "{" " \"issuer\": \"https://accounts.google.com\"," " \"authorization_endpoint\": " "\"https://accounts.google.com/o/oauth2/v2/auth\"," " \"token_endpoint\": \"https://www.googleapis.com/oauth2/v4/token\"," " \"userinfo_endpoint\": \"https://www.googleapis.com/oauth2/v3/userinfo\"," " \"revocation_endpoint\": \"https://accounts.google.com/o/oauth2/revoke\"," " \"jwks_uri\": \"https://www.googleapis.com/oauth2/v3/certs\"" "}"; + +static const char expired_claims[] = "{ \"aud\": \"https://foo.com\"," " \"iss\": \"blah.foo.com\"," " \"sub\": \"juju@blah.foo.com\"," " \"jti\": \"jwtuniqueid\"," " \"iat\": 100," /* Way back in the past... */ + " \"exp\": 120," " \"nbf\": 60," " \"foo\": \"bar\"}"; + +static const char claims_without_time_constraint[] = "{ \"aud\": \"https://foo.com\"," " \"iss\": \"blah.foo.com\"," " \"sub\": \"juju@blah.foo.com\"," " \"jti\": \"jwtuniqueid\"," " \"foo\": \"bar\"}"; + +static const char invalid_claims[] = "{ \"aud\": \"https://foo.com\"," " \"iss\": 46," /* Issuer cannot be a number. 
*/ + " \"sub\": \"juju@blah.foo.com\"," " \"jti\": \"jwtuniqueid\"," " \"foo\": \"bar\"}"; + +typedef struct +{ grpc_jwt_verifier_status expected_status; const char *expected_issuer; const char *expected_subject; } verifier_test_config; -static void test_claims_success(void) { +static void +test_claims_success (void) +{ grpc_jwt_claims *claims; - gpr_slice s = gpr_slice_from_copied_string(claims_without_time_constraint); - grpc_json *json = grpc_json_parse_string_with_len( - (char *)GPR_SLICE_START_PTR(s), GPR_SLICE_LENGTH(s)); - GPR_ASSERT(json != NULL); - claims = grpc_jwt_claims_from_json(json, s); - GPR_ASSERT(claims != NULL); - GPR_ASSERT(grpc_jwt_claims_json(claims) == json); - GPR_ASSERT(strcmp(grpc_jwt_claims_audience(claims), "https://foo.com") == 0); - GPR_ASSERT(strcmp(grpc_jwt_claims_issuer(claims), "blah.foo.com") == 0); - GPR_ASSERT(strcmp(grpc_jwt_claims_subject(claims), "juju@blah.foo.com") == 0); - GPR_ASSERT(strcmp(grpc_jwt_claims_id(claims), "jwtuniqueid") == 0); - GPR_ASSERT(grpc_jwt_claims_check(claims, "https://foo.com") == - GRPC_JWT_VERIFIER_OK); - grpc_jwt_claims_destroy(claims); + gpr_slice s = gpr_slice_from_copied_string (claims_without_time_constraint); + grpc_json *json = grpc_json_parse_string_with_len ((char *) GPR_SLICE_START_PTR (s), GPR_SLICE_LENGTH (s)); + GPR_ASSERT (json != NULL); + claims = grpc_jwt_claims_from_json (json, s); + GPR_ASSERT (claims != NULL); + GPR_ASSERT (grpc_jwt_claims_json (claims) == json); + GPR_ASSERT (strcmp (grpc_jwt_claims_audience (claims), "https://foo.com") == 0); + GPR_ASSERT (strcmp (grpc_jwt_claims_issuer (claims), "blah.foo.com") == 0); + GPR_ASSERT (strcmp (grpc_jwt_claims_subject (claims), "juju@blah.foo.com") == 0); + GPR_ASSERT (strcmp (grpc_jwt_claims_id (claims), "jwtuniqueid") == 0); + GPR_ASSERT (grpc_jwt_claims_check (claims, "https://foo.com") == GRPC_JWT_VERIFIER_OK); + grpc_jwt_claims_destroy (claims); } -static void test_expired_claims_failure(void) { +static void 
+test_expired_claims_failure (void) +{ grpc_jwt_claims *claims; - gpr_slice s = gpr_slice_from_copied_string(expired_claims); - grpc_json *json = grpc_json_parse_string_with_len( - (char *)GPR_SLICE_START_PTR(s), GPR_SLICE_LENGTH(s)); - gpr_timespec exp_iat = {100, 0, GPR_CLOCK_REALTIME}; - gpr_timespec exp_exp = {120, 0, GPR_CLOCK_REALTIME}; - gpr_timespec exp_nbf = {60, 0, GPR_CLOCK_REALTIME}; - GPR_ASSERT(json != NULL); - claims = grpc_jwt_claims_from_json(json, s); - GPR_ASSERT(claims != NULL); - GPR_ASSERT(grpc_jwt_claims_json(claims) == json); - GPR_ASSERT(strcmp(grpc_jwt_claims_audience(claims), "https://foo.com") == 0); - GPR_ASSERT(strcmp(grpc_jwt_claims_issuer(claims), "blah.foo.com") == 0); - GPR_ASSERT(strcmp(grpc_jwt_claims_subject(claims), "juju@blah.foo.com") == 0); - GPR_ASSERT(strcmp(grpc_jwt_claims_id(claims), "jwtuniqueid") == 0); - GPR_ASSERT(gpr_time_cmp(grpc_jwt_claims_issued_at(claims), exp_iat) == 0); - GPR_ASSERT(gpr_time_cmp(grpc_jwt_claims_expires_at(claims), exp_exp) == 0); - GPR_ASSERT(gpr_time_cmp(grpc_jwt_claims_not_before(claims), exp_nbf) == 0); - - GPR_ASSERT(grpc_jwt_claims_check(claims, "https://foo.com") == - GRPC_JWT_VERIFIER_TIME_CONSTRAINT_FAILURE); - grpc_jwt_claims_destroy(claims); + gpr_slice s = gpr_slice_from_copied_string (expired_claims); + grpc_json *json = grpc_json_parse_string_with_len ((char *) GPR_SLICE_START_PTR (s), GPR_SLICE_LENGTH (s)); + gpr_timespec exp_iat = { 100, 0, GPR_CLOCK_REALTIME }; + gpr_timespec exp_exp = { 120, 0, GPR_CLOCK_REALTIME }; + gpr_timespec exp_nbf = { 60, 0, GPR_CLOCK_REALTIME }; + GPR_ASSERT (json != NULL); + claims = grpc_jwt_claims_from_json (json, s); + GPR_ASSERT (claims != NULL); + GPR_ASSERT (grpc_jwt_claims_json (claims) == json); + GPR_ASSERT (strcmp (grpc_jwt_claims_audience (claims), "https://foo.com") == 0); + GPR_ASSERT (strcmp (grpc_jwt_claims_issuer (claims), "blah.foo.com") == 0); + GPR_ASSERT (strcmp (grpc_jwt_claims_subject (claims), "juju@blah.foo.com") == 0); + 
GPR_ASSERT (strcmp (grpc_jwt_claims_id (claims), "jwtuniqueid") == 0); + GPR_ASSERT (gpr_time_cmp (grpc_jwt_claims_issued_at (claims), exp_iat) == 0); + GPR_ASSERT (gpr_time_cmp (grpc_jwt_claims_expires_at (claims), exp_exp) == 0); + GPR_ASSERT (gpr_time_cmp (grpc_jwt_claims_not_before (claims), exp_nbf) == 0); + + GPR_ASSERT (grpc_jwt_claims_check (claims, "https://foo.com") == GRPC_JWT_VERIFIER_TIME_CONSTRAINT_FAILURE); + grpc_jwt_claims_destroy (claims); } -static void test_invalid_claims_failure(void) { - gpr_slice s = gpr_slice_from_copied_string(invalid_claims); - grpc_json *json = grpc_json_parse_string_with_len( - (char *)GPR_SLICE_START_PTR(s), GPR_SLICE_LENGTH(s)); - GPR_ASSERT(grpc_jwt_claims_from_json(json, s) == NULL); +static void +test_invalid_claims_failure (void) +{ + gpr_slice s = gpr_slice_from_copied_string (invalid_claims); + grpc_json *json = grpc_json_parse_string_with_len ((char *) GPR_SLICE_START_PTR (s), GPR_SLICE_LENGTH (s)); + GPR_ASSERT (grpc_jwt_claims_from_json (json, s) == NULL); } -static void test_bad_audience_claims_failure(void) { +static void +test_bad_audience_claims_failure (void) +{ grpc_jwt_claims *claims; - gpr_slice s = gpr_slice_from_copied_string(claims_without_time_constraint); - grpc_json *json = grpc_json_parse_string_with_len( - (char *)GPR_SLICE_START_PTR(s), GPR_SLICE_LENGTH(s)); - GPR_ASSERT(json != NULL); - claims = grpc_jwt_claims_from_json(json, s); - GPR_ASSERT(claims != NULL); - GPR_ASSERT(grpc_jwt_claims_check(claims, "https://bar.com") == - GRPC_JWT_VERIFIER_BAD_AUDIENCE); - grpc_jwt_claims_destroy(claims); + gpr_slice s = gpr_slice_from_copied_string (claims_without_time_constraint); + grpc_json *json = grpc_json_parse_string_with_len ((char *) GPR_SLICE_START_PTR (s), GPR_SLICE_LENGTH (s)); + GPR_ASSERT (json != NULL); + claims = grpc_jwt_claims_from_json (json, s); + GPR_ASSERT (claims != NULL); + GPR_ASSERT (grpc_jwt_claims_check (claims, "https://bar.com") == GRPC_JWT_VERIFIER_BAD_AUDIENCE); + 
grpc_jwt_claims_destroy (claims); } -static char *json_key_str(const char *last_part) { - size_t result_len = strlen(json_key_str_part1) + strlen(json_key_str_part2) + - strlen(last_part); - char *result = gpr_malloc(result_len + 1); +static char * +json_key_str (const char *last_part) +{ + size_t result_len = strlen (json_key_str_part1) + strlen (json_key_str_part2) + strlen (last_part); + char *result = gpr_malloc (result_len + 1); char *current = result; - strcpy(result, json_key_str_part1); - current += strlen(json_key_str_part1); - strcpy(current, json_key_str_part2); - current += strlen(json_key_str_part2); - strcpy(current, last_part); + strcpy (result, json_key_str_part1); + current += strlen (json_key_str_part1); + strcpy (current, json_key_str_part2); + current += strlen (json_key_str_part2); + strcpy (current, last_part); return result; } -static char *good_google_email_keys(void) { - size_t result_len = strlen(good_google_email_keys_part1) + - strlen(good_google_email_keys_part2); - char *result = gpr_malloc(result_len + 1); +static char * +good_google_email_keys (void) +{ + size_t result_len = strlen (good_google_email_keys_part1) + strlen (good_google_email_keys_part2); + char *result = gpr_malloc (result_len + 1); char *current = result; - strcpy(result, good_google_email_keys_part1); - current += strlen(good_google_email_keys_part1); - strcpy(current, good_google_email_keys_part2); + strcpy (result, good_google_email_keys_part1); + current += strlen (good_google_email_keys_part1); + strcpy (current, good_google_email_keys_part2); return result; } -static grpc_httpcli_response http_response(int status, char *body) { +static grpc_httpcli_response +http_response (int status, char *body) +{ grpc_httpcli_response response; - memset(&response, 0, sizeof(grpc_httpcli_response)); + memset (&response, 0, sizeof (grpc_httpcli_response)); response.status = status; response.body = body; - response.body_length = strlen(body); + response.body_length = strlen 
(body); return response; } -static int httpcli_post_should_not_be_called( - const grpc_httpcli_request *request, const char *body_bytes, - size_t body_size, gpr_timespec deadline, - grpc_httpcli_response_cb on_response, void *user_data, - grpc_closure_list *closure_list) { - GPR_ASSERT("HTTP POST should not be called" == NULL); +static int +httpcli_post_should_not_be_called (const grpc_httpcli_request * request, const char *body_bytes, size_t body_size, gpr_timespec deadline, grpc_httpcli_response_cb on_response, void *user_data, grpc_closure_list * closure_list) +{ + GPR_ASSERT ("HTTP POST should not be called" == NULL); return 1; } -static int httpcli_get_google_keys_for_email( - const grpc_httpcli_request *request, gpr_timespec deadline, - grpc_httpcli_response_cb on_response, void *user_data, - grpc_closure_list *closure_list) { - grpc_httpcli_response response = http_response(200, good_google_email_keys()); - GPR_ASSERT(request->handshaker == &grpc_httpcli_ssl); - GPR_ASSERT(strcmp(request->host, "www.googleapis.com") == 0); - GPR_ASSERT(strcmp(request->path, - "/robot/v1/metadata/x509/" - "777-abaslkan11hlb6nmim3bpspl31ud@developer." - "gserviceaccount.com") == 0); - on_response(user_data, &response, closure_list); - gpr_free(response.body); +static int +httpcli_get_google_keys_for_email (const grpc_httpcli_request * request, gpr_timespec deadline, grpc_httpcli_response_cb on_response, void *user_data, grpc_closure_list * closure_list) +{ + grpc_httpcli_response response = http_response (200, good_google_email_keys ()); + GPR_ASSERT (request->handshaker == &grpc_httpcli_ssl); + GPR_ASSERT (strcmp (request->host, "www.googleapis.com") == 0); + GPR_ASSERT (strcmp (request->path, "/robot/v1/metadata/x509/" "777-abaslkan11hlb6nmim3bpspl31ud@developer." 
"gserviceaccount.com") == 0); + on_response (user_data, &response, closure_list); + gpr_free (response.body); return 1; } -static void on_verification_success(void *user_data, - grpc_jwt_verifier_status status, - grpc_jwt_claims *claims) { - GPR_ASSERT(status == GRPC_JWT_VERIFIER_OK); - GPR_ASSERT(claims != NULL); - GPR_ASSERT(user_data == (void *)expected_user_data); - GPR_ASSERT(strcmp(grpc_jwt_claims_audience(claims), expected_audience) == 0); - grpc_jwt_claims_destroy(claims); +static void +on_verification_success (void *user_data, grpc_jwt_verifier_status status, grpc_jwt_claims * claims) +{ + GPR_ASSERT (status == GRPC_JWT_VERIFIER_OK); + GPR_ASSERT (claims != NULL); + GPR_ASSERT (user_data == (void *) expected_user_data); + GPR_ASSERT (strcmp (grpc_jwt_claims_audience (claims), expected_audience) == 0); + grpc_jwt_claims_destroy (claims); } -static void test_jwt_verifier_google_email_issuer_success(void) { +static void +test_jwt_verifier_google_email_issuer_success (void) +{ grpc_closure_list closure_list = GRPC_CLOSURE_LIST_INIT; - grpc_jwt_verifier *verifier = grpc_jwt_verifier_create(NULL, 0); + grpc_jwt_verifier *verifier = grpc_jwt_verifier_create (NULL, 0); char *jwt = NULL; - char *key_str = json_key_str(json_key_str_part3_for_google_email_issuer); - grpc_auth_json_key key = grpc_auth_json_key_create_from_string(key_str); - gpr_free(key_str); - GPR_ASSERT(grpc_auth_json_key_is_valid(&key)); - grpc_httpcli_set_override(httpcli_get_google_keys_for_email, - httpcli_post_should_not_be_called); - jwt = grpc_jwt_encode_and_sign(&key, expected_audience, expected_lifetime, - NULL); - grpc_auth_json_key_destruct(&key); - GPR_ASSERT(jwt != NULL); - grpc_jwt_verifier_verify(verifier, NULL, jwt, expected_audience, - on_verification_success, (void *)expected_user_data, - &closure_list); - gpr_free(jwt); - grpc_jwt_verifier_destroy(verifier); - grpc_httpcli_set_override(NULL, NULL); - grpc_closure_list_run(&closure_list); + char *key_str = json_key_str 
(json_key_str_part3_for_google_email_issuer); + grpc_auth_json_key key = grpc_auth_json_key_create_from_string (key_str); + gpr_free (key_str); + GPR_ASSERT (grpc_auth_json_key_is_valid (&key)); + grpc_httpcli_set_override (httpcli_get_google_keys_for_email, httpcli_post_should_not_be_called); + jwt = grpc_jwt_encode_and_sign (&key, expected_audience, expected_lifetime, NULL); + grpc_auth_json_key_destruct (&key); + GPR_ASSERT (jwt != NULL); + grpc_jwt_verifier_verify (verifier, NULL, jwt, expected_audience, on_verification_success, (void *) expected_user_data, &closure_list); + gpr_free (jwt); + grpc_jwt_verifier_destroy (verifier); + grpc_httpcli_set_override (NULL, NULL); + grpc_closure_list_run (&closure_list); } -static int httpcli_get_custom_keys_for_email( - const grpc_httpcli_request *request, gpr_timespec deadline, - grpc_httpcli_response_cb on_response, void *user_data, - grpc_closure_list *closure_list) { - grpc_httpcli_response response = http_response(200, gpr_strdup(good_jwk_set)); - GPR_ASSERT(request->handshaker == &grpc_httpcli_ssl); - GPR_ASSERT(strcmp(request->host, "keys.bar.com") == 0); - GPR_ASSERT(strcmp(request->path, "/jwk/foo@bar.com") == 0); - on_response(user_data, &response, closure_list); - gpr_free(response.body); +static int +httpcli_get_custom_keys_for_email (const grpc_httpcli_request * request, gpr_timespec deadline, grpc_httpcli_response_cb on_response, void *user_data, grpc_closure_list * closure_list) +{ + grpc_httpcli_response response = http_response (200, gpr_strdup (good_jwk_set)); + GPR_ASSERT (request->handshaker == &grpc_httpcli_ssl); + GPR_ASSERT (strcmp (request->host, "keys.bar.com") == 0); + GPR_ASSERT (strcmp (request->path, "/jwk/foo@bar.com") == 0); + on_response (user_data, &response, closure_list); + gpr_free (response.body); return 1; } -static void test_jwt_verifier_custom_email_issuer_success(void) { +static void +test_jwt_verifier_custom_email_issuer_success (void) +{ grpc_closure_list closure_list = 
GRPC_CLOSURE_LIST_INIT; - grpc_jwt_verifier *verifier = grpc_jwt_verifier_create(&custom_mapping, 1); + grpc_jwt_verifier *verifier = grpc_jwt_verifier_create (&custom_mapping, 1); char *jwt = NULL; - char *key_str = json_key_str(json_key_str_part3_for_custom_email_issuer); - grpc_auth_json_key key = grpc_auth_json_key_create_from_string(key_str); - gpr_free(key_str); - GPR_ASSERT(grpc_auth_json_key_is_valid(&key)); - grpc_httpcli_set_override(httpcli_get_custom_keys_for_email, - httpcli_post_should_not_be_called); - jwt = grpc_jwt_encode_and_sign(&key, expected_audience, expected_lifetime, - NULL); - grpc_auth_json_key_destruct(&key); - GPR_ASSERT(jwt != NULL); - grpc_jwt_verifier_verify(verifier, NULL, jwt, expected_audience, - on_verification_success, (void *)expected_user_data, - &closure_list); - gpr_free(jwt); - grpc_jwt_verifier_destroy(verifier); - grpc_httpcli_set_override(NULL, NULL); - grpc_closure_list_run(&closure_list); + char *key_str = json_key_str (json_key_str_part3_for_custom_email_issuer); + grpc_auth_json_key key = grpc_auth_json_key_create_from_string (key_str); + gpr_free (key_str); + GPR_ASSERT (grpc_auth_json_key_is_valid (&key)); + grpc_httpcli_set_override (httpcli_get_custom_keys_for_email, httpcli_post_should_not_be_called); + jwt = grpc_jwt_encode_and_sign (&key, expected_audience, expected_lifetime, NULL); + grpc_auth_json_key_destruct (&key); + GPR_ASSERT (jwt != NULL); + grpc_jwt_verifier_verify (verifier, NULL, jwt, expected_audience, on_verification_success, (void *) expected_user_data, &closure_list); + gpr_free (jwt); + grpc_jwt_verifier_destroy (verifier); + grpc_httpcli_set_override (NULL, NULL); + grpc_closure_list_run (&closure_list); } -static int httpcli_get_jwk_set(const grpc_httpcli_request *request, - gpr_timespec deadline, - grpc_httpcli_response_cb on_response, - void *user_data, - grpc_closure_list *closure_list) { - grpc_httpcli_response response = http_response(200, gpr_strdup(good_jwk_set)); - 
GPR_ASSERT(request->handshaker == &grpc_httpcli_ssl); - GPR_ASSERT(strcmp(request->host, "www.googleapis.com") == 0); - GPR_ASSERT(strcmp(request->path, "/oauth2/v3/certs") == 0); - on_response(user_data, &response, closure_list); - gpr_free(response.body); +static int +httpcli_get_jwk_set (const grpc_httpcli_request * request, gpr_timespec deadline, grpc_httpcli_response_cb on_response, void *user_data, grpc_closure_list * closure_list) +{ + grpc_httpcli_response response = http_response (200, gpr_strdup (good_jwk_set)); + GPR_ASSERT (request->handshaker == &grpc_httpcli_ssl); + GPR_ASSERT (strcmp (request->host, "www.googleapis.com") == 0); + GPR_ASSERT (strcmp (request->path, "/oauth2/v3/certs") == 0); + on_response (user_data, &response, closure_list); + gpr_free (response.body); return 1; } -static int httpcli_get_openid_config(const grpc_httpcli_request *request, - gpr_timespec deadline, - grpc_httpcli_response_cb on_response, - void *user_data, - grpc_closure_list *closure_list) { - grpc_httpcli_response response = - http_response(200, gpr_strdup(good_openid_config)); - GPR_ASSERT(request->handshaker == &grpc_httpcli_ssl); - GPR_ASSERT(strcmp(request->host, "accounts.google.com") == 0); - GPR_ASSERT(strcmp(request->path, GRPC_OPENID_CONFIG_URL_SUFFIX) == 0); - grpc_httpcli_set_override(httpcli_get_jwk_set, - httpcli_post_should_not_be_called); - on_response(user_data, &response, closure_list); - gpr_free(response.body); +static int +httpcli_get_openid_config (const grpc_httpcli_request * request, gpr_timespec deadline, grpc_httpcli_response_cb on_response, void *user_data, grpc_closure_list * closure_list) +{ + grpc_httpcli_response response = http_response (200, gpr_strdup (good_openid_config)); + GPR_ASSERT (request->handshaker == &grpc_httpcli_ssl); + GPR_ASSERT (strcmp (request->host, "accounts.google.com") == 0); + GPR_ASSERT (strcmp (request->path, GRPC_OPENID_CONFIG_URL_SUFFIX) == 0); + grpc_httpcli_set_override (httpcli_get_jwk_set, 
httpcli_post_should_not_be_called); + on_response (user_data, &response, closure_list); + gpr_free (response.body); return 1; } -static void test_jwt_verifier_url_issuer_success(void) { +static void +test_jwt_verifier_url_issuer_success (void) +{ grpc_closure_list closure_list = GRPC_CLOSURE_LIST_INIT; - grpc_jwt_verifier *verifier = grpc_jwt_verifier_create(NULL, 0); + grpc_jwt_verifier *verifier = grpc_jwt_verifier_create (NULL, 0); char *jwt = NULL; - char *key_str = json_key_str(json_key_str_part3_for_url_issuer); - grpc_auth_json_key key = grpc_auth_json_key_create_from_string(key_str); - gpr_free(key_str); - GPR_ASSERT(grpc_auth_json_key_is_valid(&key)); - grpc_httpcli_set_override(httpcli_get_openid_config, - httpcli_post_should_not_be_called); - jwt = grpc_jwt_encode_and_sign(&key, expected_audience, expected_lifetime, - NULL); - grpc_auth_json_key_destruct(&key); - GPR_ASSERT(jwt != NULL); - grpc_jwt_verifier_verify(verifier, NULL, jwt, expected_audience, - on_verification_success, (void *)expected_user_data, - &closure_list); - gpr_free(jwt); - grpc_jwt_verifier_destroy(verifier); - grpc_httpcli_set_override(NULL, NULL); - grpc_closure_list_run(&closure_list); + char *key_str = json_key_str (json_key_str_part3_for_url_issuer); + grpc_auth_json_key key = grpc_auth_json_key_create_from_string (key_str); + gpr_free (key_str); + GPR_ASSERT (grpc_auth_json_key_is_valid (&key)); + grpc_httpcli_set_override (httpcli_get_openid_config, httpcli_post_should_not_be_called); + jwt = grpc_jwt_encode_and_sign (&key, expected_audience, expected_lifetime, NULL); + grpc_auth_json_key_destruct (&key); + GPR_ASSERT (jwt != NULL); + grpc_jwt_verifier_verify (verifier, NULL, jwt, expected_audience, on_verification_success, (void *) expected_user_data, &closure_list); + gpr_free (jwt); + grpc_jwt_verifier_destroy (verifier); + grpc_httpcli_set_override (NULL, NULL); + grpc_closure_list_run (&closure_list); } -static void on_verification_key_retrieval_error(void *user_data, - 
grpc_jwt_verifier_status status, - grpc_jwt_claims *claims) { - GPR_ASSERT(status == GRPC_JWT_VERIFIER_KEY_RETRIEVAL_ERROR); - GPR_ASSERT(claims == NULL); - GPR_ASSERT(user_data == (void *)expected_user_data); +static void +on_verification_key_retrieval_error (void *user_data, grpc_jwt_verifier_status status, grpc_jwt_claims * claims) +{ + GPR_ASSERT (status == GRPC_JWT_VERIFIER_KEY_RETRIEVAL_ERROR); + GPR_ASSERT (claims == NULL); + GPR_ASSERT (user_data == (void *) expected_user_data); } -static int httpcli_get_bad_json(const grpc_httpcli_request *request, - gpr_timespec deadline, - grpc_httpcli_response_cb on_response, - void *user_data, - grpc_closure_list *closure_list) { - grpc_httpcli_response response = - http_response(200, gpr_strdup("{\"bad\": \"stuff\"}")); - GPR_ASSERT(request->handshaker == &grpc_httpcli_ssl); - on_response(user_data, &response, closure_list); - gpr_free(response.body); +static int +httpcli_get_bad_json (const grpc_httpcli_request * request, gpr_timespec deadline, grpc_httpcli_response_cb on_response, void *user_data, grpc_closure_list * closure_list) +{ + grpc_httpcli_response response = http_response (200, gpr_strdup ("{\"bad\": \"stuff\"}")); + GPR_ASSERT (request->handshaker == &grpc_httpcli_ssl); + on_response (user_data, &response, closure_list); + gpr_free (response.body); return 1; } -static void test_jwt_verifier_url_issuer_bad_config(void) { +static void +test_jwt_verifier_url_issuer_bad_config (void) +{ grpc_closure_list closure_list = GRPC_CLOSURE_LIST_INIT; - grpc_jwt_verifier *verifier = grpc_jwt_verifier_create(NULL, 0); + grpc_jwt_verifier *verifier = grpc_jwt_verifier_create (NULL, 0); char *jwt = NULL; - char *key_str = json_key_str(json_key_str_part3_for_url_issuer); - grpc_auth_json_key key = grpc_auth_json_key_create_from_string(key_str); - gpr_free(key_str); - GPR_ASSERT(grpc_auth_json_key_is_valid(&key)); - grpc_httpcli_set_override(httpcli_get_bad_json, - httpcli_post_should_not_be_called); - jwt = 
grpc_jwt_encode_and_sign(&key, expected_audience, expected_lifetime, - NULL); - grpc_auth_json_key_destruct(&key); - GPR_ASSERT(jwt != NULL); - grpc_jwt_verifier_verify(verifier, NULL, jwt, expected_audience, - on_verification_key_retrieval_error, - (void *)expected_user_data, &closure_list); - gpr_free(jwt); - grpc_jwt_verifier_destroy(verifier); - grpc_httpcli_set_override(NULL, NULL); - grpc_closure_list_run(&closure_list); + char *key_str = json_key_str (json_key_str_part3_for_url_issuer); + grpc_auth_json_key key = grpc_auth_json_key_create_from_string (key_str); + gpr_free (key_str); + GPR_ASSERT (grpc_auth_json_key_is_valid (&key)); + grpc_httpcli_set_override (httpcli_get_bad_json, httpcli_post_should_not_be_called); + jwt = grpc_jwt_encode_and_sign (&key, expected_audience, expected_lifetime, NULL); + grpc_auth_json_key_destruct (&key); + GPR_ASSERT (jwt != NULL); + grpc_jwt_verifier_verify (verifier, NULL, jwt, expected_audience, on_verification_key_retrieval_error, (void *) expected_user_data, &closure_list); + gpr_free (jwt); + grpc_jwt_verifier_destroy (verifier); + grpc_httpcli_set_override (NULL, NULL); + grpc_closure_list_run (&closure_list); } -static void test_jwt_verifier_bad_json_key(void) { +static void +test_jwt_verifier_bad_json_key (void) +{ grpc_closure_list closure_list = GRPC_CLOSURE_LIST_INIT; - grpc_jwt_verifier *verifier = grpc_jwt_verifier_create(NULL, 0); + grpc_jwt_verifier *verifier = grpc_jwt_verifier_create (NULL, 0); char *jwt = NULL; - char *key_str = json_key_str(json_key_str_part3_for_google_email_issuer); - grpc_auth_json_key key = grpc_auth_json_key_create_from_string(key_str); - gpr_free(key_str); - GPR_ASSERT(grpc_auth_json_key_is_valid(&key)); - grpc_httpcli_set_override(httpcli_get_bad_json, - httpcli_post_should_not_be_called); - jwt = grpc_jwt_encode_and_sign(&key, expected_audience, expected_lifetime, - NULL); - grpc_auth_json_key_destruct(&key); - GPR_ASSERT(jwt != NULL); - grpc_jwt_verifier_verify(verifier, NULL, 
jwt, expected_audience, - on_verification_key_retrieval_error, - (void *)expected_user_data, &closure_list); - gpr_free(jwt); - grpc_jwt_verifier_destroy(verifier); - grpc_httpcli_set_override(NULL, NULL); - grpc_closure_list_run(&closure_list); + char *key_str = json_key_str (json_key_str_part3_for_google_email_issuer); + grpc_auth_json_key key = grpc_auth_json_key_create_from_string (key_str); + gpr_free (key_str); + GPR_ASSERT (grpc_auth_json_key_is_valid (&key)); + grpc_httpcli_set_override (httpcli_get_bad_json, httpcli_post_should_not_be_called); + jwt = grpc_jwt_encode_and_sign (&key, expected_audience, expected_lifetime, NULL); + grpc_auth_json_key_destruct (&key); + GPR_ASSERT (jwt != NULL); + grpc_jwt_verifier_verify (verifier, NULL, jwt, expected_audience, on_verification_key_retrieval_error, (void *) expected_user_data, &closure_list); + gpr_free (jwt); + grpc_jwt_verifier_destroy (verifier); + grpc_httpcli_set_override (NULL, NULL); + grpc_closure_list_run (&closure_list); } -static void corrupt_jwt_sig(char *jwt) { +static void +corrupt_jwt_sig (char *jwt) +{ gpr_slice sig; char *bad_b64_sig; gpr_uint8 *sig_bytes; - char *last_dot = strrchr(jwt, '.'); - GPR_ASSERT(last_dot != NULL); - sig = grpc_base64_decode(last_dot + 1, 1); - GPR_ASSERT(!GPR_SLICE_IS_EMPTY(sig)); - sig_bytes = GPR_SLICE_START_PTR(sig); - (*sig_bytes)++; /* Corrupt first byte. */ - bad_b64_sig = - grpc_base64_encode(GPR_SLICE_START_PTR(sig), GPR_SLICE_LENGTH(sig), 1, 0); - memcpy(last_dot + 1, bad_b64_sig, strlen(bad_b64_sig)); - gpr_free(bad_b64_sig); - gpr_slice_unref(sig); + char *last_dot = strrchr (jwt, '.'); + GPR_ASSERT (last_dot != NULL); + sig = grpc_base64_decode (last_dot + 1, 1); + GPR_ASSERT (!GPR_SLICE_IS_EMPTY (sig)); + sig_bytes = GPR_SLICE_START_PTR (sig); + (*sig_bytes)++; /* Corrupt first byte. 
*/ + bad_b64_sig = grpc_base64_encode (GPR_SLICE_START_PTR (sig), GPR_SLICE_LENGTH (sig), 1, 0); + memcpy (last_dot + 1, bad_b64_sig, strlen (bad_b64_sig)); + gpr_free (bad_b64_sig); + gpr_slice_unref (sig); } -static void on_verification_bad_signature(void *user_data, - grpc_jwt_verifier_status status, - grpc_jwt_claims *claims) { - GPR_ASSERT(status == GRPC_JWT_VERIFIER_BAD_SIGNATURE); - GPR_ASSERT(claims == NULL); - GPR_ASSERT(user_data == (void *)expected_user_data); +static void +on_verification_bad_signature (void *user_data, grpc_jwt_verifier_status status, grpc_jwt_claims * claims) +{ + GPR_ASSERT (status == GRPC_JWT_VERIFIER_BAD_SIGNATURE); + GPR_ASSERT (claims == NULL); + GPR_ASSERT (user_data == (void *) expected_user_data); } -static void test_jwt_verifier_bad_signature(void) { +static void +test_jwt_verifier_bad_signature (void) +{ grpc_closure_list closure_list = GRPC_CLOSURE_LIST_INIT; - grpc_jwt_verifier *verifier = grpc_jwt_verifier_create(NULL, 0); + grpc_jwt_verifier *verifier = grpc_jwt_verifier_create (NULL, 0); char *jwt = NULL; - char *key_str = json_key_str(json_key_str_part3_for_url_issuer); - grpc_auth_json_key key = grpc_auth_json_key_create_from_string(key_str); - gpr_free(key_str); - GPR_ASSERT(grpc_auth_json_key_is_valid(&key)); - grpc_httpcli_set_override(httpcli_get_openid_config, - httpcli_post_should_not_be_called); - jwt = grpc_jwt_encode_and_sign(&key, expected_audience, expected_lifetime, - NULL); - grpc_auth_json_key_destruct(&key); - corrupt_jwt_sig(jwt); - GPR_ASSERT(jwt != NULL); - grpc_jwt_verifier_verify(verifier, NULL, jwt, expected_audience, - on_verification_bad_signature, - (void *)expected_user_data, &closure_list); - gpr_free(jwt); - grpc_jwt_verifier_destroy(verifier); - grpc_httpcli_set_override(NULL, NULL); - grpc_closure_list_run(&closure_list); + char *key_str = json_key_str (json_key_str_part3_for_url_issuer); + grpc_auth_json_key key = grpc_auth_json_key_create_from_string (key_str); + gpr_free (key_str); + 
GPR_ASSERT (grpc_auth_json_key_is_valid (&key)); + grpc_httpcli_set_override (httpcli_get_openid_config, httpcli_post_should_not_be_called); + jwt = grpc_jwt_encode_and_sign (&key, expected_audience, expected_lifetime, NULL); + grpc_auth_json_key_destruct (&key); + corrupt_jwt_sig (jwt); + GPR_ASSERT (jwt != NULL); + grpc_jwt_verifier_verify (verifier, NULL, jwt, expected_audience, on_verification_bad_signature, (void *) expected_user_data, &closure_list); + gpr_free (jwt); + grpc_jwt_verifier_destroy (verifier); + grpc_httpcli_set_override (NULL, NULL); + grpc_closure_list_run (&closure_list); } -static int httpcli_get_should_not_be_called( - const grpc_httpcli_request *request, gpr_timespec deadline, - grpc_httpcli_response_cb on_response, void *user_data, - grpc_closure_list *closure_list) { - GPR_ASSERT(0); +static int +httpcli_get_should_not_be_called (const grpc_httpcli_request * request, gpr_timespec deadline, grpc_httpcli_response_cb on_response, void *user_data, grpc_closure_list * closure_list) +{ + GPR_ASSERT (0); return 1; } -static void on_verification_bad_format(void *user_data, - grpc_jwt_verifier_status status, - grpc_jwt_claims *claims) { - GPR_ASSERT(status == GRPC_JWT_VERIFIER_BAD_FORMAT); - GPR_ASSERT(claims == NULL); - GPR_ASSERT(user_data == (void *)expected_user_data); +static void +on_verification_bad_format (void *user_data, grpc_jwt_verifier_status status, grpc_jwt_claims * claims) +{ + GPR_ASSERT (status == GRPC_JWT_VERIFIER_BAD_FORMAT); + GPR_ASSERT (claims == NULL); + GPR_ASSERT (user_data == (void *) expected_user_data); } -static void test_jwt_verifier_bad_format(void) { +static void +test_jwt_verifier_bad_format (void) +{ grpc_closure_list closure_list = GRPC_CLOSURE_LIST_INIT; - grpc_jwt_verifier *verifier = grpc_jwt_verifier_create(NULL, 0); - grpc_httpcli_set_override(httpcli_get_should_not_be_called, - httpcli_post_should_not_be_called); - grpc_jwt_verifier_verify(verifier, NULL, "bad jwt", expected_audience, - 
on_verification_bad_format, - (void *)expected_user_data, &closure_list); - grpc_jwt_verifier_destroy(verifier); - grpc_httpcli_set_override(NULL, NULL); - grpc_closure_list_run(&closure_list); + grpc_jwt_verifier *verifier = grpc_jwt_verifier_create (NULL, 0); + grpc_httpcli_set_override (httpcli_get_should_not_be_called, httpcli_post_should_not_be_called); + grpc_jwt_verifier_verify (verifier, NULL, "bad jwt", expected_audience, on_verification_bad_format, (void *) expected_user_data, &closure_list); + grpc_jwt_verifier_destroy (verifier); + grpc_httpcli_set_override (NULL, NULL); + grpc_closure_list_run (&closure_list); } /* find verification key: bad jks, cannot find key in jks */ /* bad signature custom provided email*/ /* bad key */ -int main(int argc, char **argv) { - grpc_test_init(argc, argv); - test_claims_success(); - test_expired_claims_failure(); - test_invalid_claims_failure(); - test_bad_audience_claims_failure(); - test_jwt_verifier_google_email_issuer_success(); - test_jwt_verifier_custom_email_issuer_success(); - test_jwt_verifier_url_issuer_success(); - test_jwt_verifier_url_issuer_bad_config(); - test_jwt_verifier_bad_json_key(); - test_jwt_verifier_bad_signature(); - test_jwt_verifier_bad_format(); +int +main (int argc, char **argv) +{ + grpc_test_init (argc, argv); + test_claims_success (); + test_expired_claims_failure (); + test_invalid_claims_failure (); + test_bad_audience_claims_failure (); + test_jwt_verifier_google_email_issuer_success (); + test_jwt_verifier_custom_email_issuer_success (); + test_jwt_verifier_url_issuer_success (); + test_jwt_verifier_url_issuer_bad_config (); + test_jwt_verifier_bad_json_key (); + test_jwt_verifier_bad_signature (); + test_jwt_verifier_bad_format (); return 0; } diff --git a/test/core/security/oauth2_utils.c b/test/core/security/oauth2_utils.c index 30ad00cfbc..a490ba4668 100644 --- a/test/core/security/oauth2_utils.c +++ b/test/core/security/oauth2_utils.c 
@@ -44,62 +44,68 @@ #include "src/core/security/credentials.h" -typedef struct { +typedef struct +{ grpc_pollset pollset; int is_done; char *token; } oauth2_request; -static void on_oauth2_response(void *user_data, grpc_credentials_md *md_elems, - size_t num_md, grpc_credentials_status status, - grpc_closure_list *closure_list) { +static void +on_oauth2_response (void *user_data, grpc_credentials_md * md_elems, size_t num_md, grpc_credentials_status status, grpc_closure_list * closure_list) +{ oauth2_request *request = user_data; char *token = NULL; gpr_slice token_slice; - if (status == GRPC_CREDENTIALS_ERROR) { - gpr_log(GPR_ERROR, "Fetching token failed."); - } else { - GPR_ASSERT(num_md == 1); - token_slice = md_elems[0].value; - token = gpr_malloc(GPR_SLICE_LENGTH(token_slice) + 1); - memcpy(token, GPR_SLICE_START_PTR(token_slice), - GPR_SLICE_LENGTH(token_slice)); - token[GPR_SLICE_LENGTH(token_slice)] = '\0'; - } - gpr_mu_lock(GRPC_POLLSET_MU(&request->pollset)); + if (status == GRPC_CREDENTIALS_ERROR) + { + gpr_log (GPR_ERROR, "Fetching token failed."); + } + else + { + GPR_ASSERT (num_md == 1); + token_slice = md_elems[0].value; + token = gpr_malloc (GPR_SLICE_LENGTH (token_slice) + 1); + memcpy (token, GPR_SLICE_START_PTR (token_slice), GPR_SLICE_LENGTH (token_slice)); + token[GPR_SLICE_LENGTH (token_slice)] = '\0'; + } + gpr_mu_lock (GRPC_POLLSET_MU (&request->pollset)); request->is_done = 1; request->token = token; - grpc_pollset_kick(&request->pollset, NULL); - gpr_mu_unlock(GRPC_POLLSET_MU(&request->pollset)); + grpc_pollset_kick (&request->pollset, NULL); + gpr_mu_unlock (GRPC_POLLSET_MU (&request->pollset)); } -static void do_nothing(void *unused, int success, - grpc_closure_list *closure_list) {} +static void +do_nothing (void *unused, int success, grpc_closure_list * closure_list) +{ +} -char *grpc_test_fetch_oauth2_token_with_credentials(grpc_credentials *creds) { +char * +grpc_test_fetch_oauth2_token_with_credentials (grpc_credentials * creds) 
+{ oauth2_request request; grpc_closure_list closure_list = GRPC_CLOSURE_LIST_INIT; grpc_closure do_nothing_closure; - grpc_pollset_init(&request.pollset); + grpc_pollset_init (&request.pollset); request.is_done = 0; - grpc_closure_init(&do_nothing_closure, do_nothing, NULL); + grpc_closure_init (&do_nothing_closure, do_nothing, NULL); - grpc_credentials_get_request_metadata( - creds, &request.pollset, "", on_oauth2_response, &request, &closure_list); + grpc_credentials_get_request_metadata (creds, &request.pollset, "", on_oauth2_response, &request, &closure_list); - grpc_closure_list_run(&closure_list); + grpc_closure_list_run (&closure_list); - gpr_mu_lock(GRPC_POLLSET_MU(&request.pollset)); - while (!request.is_done) { - grpc_pollset_worker worker; - grpc_pollset_work(&request.pollset, &worker, gpr_now(GPR_CLOCK_MONOTONIC), - gpr_inf_future(GPR_CLOCK_MONOTONIC), &closure_list); - } - gpr_mu_unlock(GRPC_POLLSET_MU(&request.pollset)); + gpr_mu_lock (GRPC_POLLSET_MU (&request.pollset)); + while (!request.is_done) + { + grpc_pollset_worker worker; + grpc_pollset_work (&request.pollset, &worker, gpr_now (GPR_CLOCK_MONOTONIC), gpr_inf_future (GPR_CLOCK_MONOTONIC), &closure_list); + } + gpr_mu_unlock (GRPC_POLLSET_MU (&request.pollset)); - grpc_pollset_shutdown(&request.pollset, &do_nothing_closure, &closure_list); - grpc_closure_list_run(&closure_list); - grpc_pollset_destroy(&request.pollset); + grpc_pollset_shutdown (&request.pollset, &do_nothing_closure, &closure_list); + grpc_closure_list_run (&closure_list); + grpc_pollset_destroy (&request.pollset); return request.token; } diff --git a/test/core/security/oauth2_utils.h b/test/core/security/oauth2_utils.h index 8082351b8a..a2eb06834d 100644 --- a/test/core/security/oauth2_utils.h +++ b/test/core/security/oauth2_utils.h 
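Review bot: The wait loop in `grpc_test_fetch_oauth2_token_with_credentials` passes `&closure_list` to `grpc_pollset_work` but never runs that list while waiting, and it holds the pollset mutex across every iteration. The equivalent loop in print_google_default_creds_token.c, reformatted in this same commit, unlocks, runs the list and re-locks on each pass. If `on_oauth2_response` is delivered through a closure queued during polling (not confirmed from this hunk), `is_done` is never set and the helper blocks on the infinite deadline. Mirroring the other loop after the `grpc_pollset_work` call would close the gap: `gpr_mu_unlock (GRPC_POLLSET_MU (&request.pollset)); grpc_closure_list_run (&closure_list); gpr_mu_lock (GRPC_POLLSET_MU (&request.pollset));`.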
@@ -37,15 +37,16 @@ #include "src/core/security/credentials.h" #ifdef __cplusplus -extern "C" { +extern "C" +{ #endif /* Fetch oauth2 access token with a credentials object. Does not take ownership. Returns NULL on a failure. The caller should call gpr_free on the token. */ -char *grpc_test_fetch_oauth2_token_with_credentials(grpc_credentials *creds); + char *grpc_test_fetch_oauth2_token_with_credentials (grpc_credentials * creds); #ifdef __cplusplus } #endif -#endif /* GRPC_TEST_CORE_SECURITY_OAUTH2_UTILS_H */ +#endif /* GRPC_TEST_CORE_SECURITY_OAUTH2_UTILS_H */ diff --git a/test/core/security/print_google_default_creds_token.c b/test/core/security/print_google_default_creds_token.c index 646109c0a1..faac2c7846 100644 --- a/test/core/security/print_google_default_creds_token.c +++ b/test/core/security/print_google_default_creds_token.c 
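Review bot: The formatter treats `extern "C" {` as an ordinary block, so the brace moves to its own line and the prototype of `grpc_test_fetch_oauth2_token_with_credentials` appears to pick up block indentation (whitespace is collapsed on this page, so the exact indent is not visible). The parameter is now written `grpc_credentials * creds`, which reads like a multiplication and is the usual result when the tool has not been told the project's typedef names. If GNU indent produced this, naming the types with `-T` (for example `-T grpc_credentials`) gives `grpc_credentials *creds`. The same declarator spacing appears in the other files of this commit, for example `grpc_closure_list * closure_list`.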
@@ -44,72 +44,76 @@ #include <grpc/support/slice.h> #include <grpc/support/sync.h> -typedef struct { +typedef struct +{ grpc_pollset pollset; int is_done; } synchronizer; -static void on_metadata_response(void *user_data, grpc_credentials_md *md_elems, - size_t num_md, grpc_credentials_status status, - grpc_closure_list *closure_list) { +static void +on_metadata_response (void *user_data, grpc_credentials_md * md_elems, size_t num_md, grpc_credentials_status status, grpc_closure_list * closure_list) +{ synchronizer *sync = user_data; - if (status == GRPC_CREDENTIALS_ERROR) { - fprintf(stderr, "Fetching token failed.\n"); - } else { - char *token; - GPR_ASSERT(num_md == 1); - token = gpr_dump_slice(md_elems[0].value, GPR_DUMP_ASCII); - printf("\nGot token: %s\n\n", token); - gpr_free(token); - } - gpr_mu_lock(GRPC_POLLSET_MU(&sync->pollset)); + if (status == GRPC_CREDENTIALS_ERROR) + { + fprintf (stderr, "Fetching token failed.\n"); + } + else + { + char *token; + GPR_ASSERT (num_md == 1); + token = gpr_dump_slice (md_elems[0].value, GPR_DUMP_ASCII); + printf ("\nGot token: %s\n\n", token); + gpr_free (token); + } + gpr_mu_lock (GRPC_POLLSET_MU (&sync->pollset)); sync->is_done = 1; - grpc_pollset_kick(&sync->pollset, NULL); - gpr_mu_unlock(GRPC_POLLSET_MU(&sync->pollset)); + grpc_pollset_kick (&sync->pollset, NULL); + gpr_mu_unlock (GRPC_POLLSET_MU (&sync->pollset)); } -int main(int argc, char **argv) { +int +main (int argc, char **argv) +{ int result = 0; grpc_closure_list closure_list = GRPC_CLOSURE_LIST_INIT; synchronizer sync; grpc_credentials *creds = NULL; char *service_url = "https://test.foo.google.com/Foo"; - gpr_cmdline *cl = gpr_cmdline_create("print_google_default_creds_token"); - gpr_cmdline_add_string(cl, "service_url", - "Service URL for the token request.", &service_url); - gpr_cmdline_parse(cl, argc, argv); + gpr_cmdline *cl = gpr_cmdline_create ("print_google_default_creds_token"); + gpr_cmdline_add_string (cl, "service_url", "Service URL for the 
token request.", &service_url); + gpr_cmdline_parse (cl, argc, argv); - grpc_init(); + grpc_init (); - creds = grpc_google_default_credentials_create(); - if (creds == NULL) { - fprintf(stderr, "\nCould not find default credentials.\n\n"); - result = 1; - goto end; - } + creds = grpc_google_default_credentials_create (); + if (creds == NULL) + { + fprintf (stderr, "\nCould not find default credentials.\n\n"); + result = 1; + goto end; + } - grpc_pollset_init(&sync.pollset); + grpc_pollset_init (&sync.pollset); sync.is_done = 0; - grpc_credentials_get_request_metadata(creds, &sync.pollset, service_url, - on_metadata_response, &sync, - &closure_list); + grpc_credentials_get_request_metadata (creds, &sync.pollset, service_url, on_metadata_response, &sync, &closure_list); - gpr_mu_lock(GRPC_POLLSET_MU(&sync.pollset)); - while (!sync.is_done) { - grpc_pollset_worker worker; - grpc_pollset_work(&sync.pollset, &worker, gpr_now(GPR_CLOCK_MONOTONIC), - gpr_inf_future(GPR_CLOCK_MONOTONIC), &closure_list); - gpr_mu_unlock(GRPC_POLLSET_MU(&sync.pollset)); - grpc_closure_list_run(&closure_list); - gpr_mu_lock(GRPC_POLLSET_MU(&sync.pollset)); - } - gpr_mu_unlock(GRPC_POLLSET_MU(&sync.pollset)); + gpr_mu_lock (GRPC_POLLSET_MU (&sync.pollset)); + while (!sync.is_done) + { + grpc_pollset_worker worker; + grpc_pollset_work (&sync.pollset, &worker, gpr_now (GPR_CLOCK_MONOTONIC), gpr_inf_future (GPR_CLOCK_MONOTONIC), &closure_list); + gpr_mu_unlock (GRPC_POLLSET_MU (&sync.pollset)); + grpc_closure_list_run (&closure_list); + gpr_mu_lock (GRPC_POLLSET_MU (&sync.pollset)); + } + gpr_mu_unlock (GRPC_POLLSET_MU (&sync.pollset)); - grpc_credentials_release(creds); + grpc_credentials_release (creds); end: - gpr_cmdline_destroy(cl); - grpc_shutdown(); + gpr_cmdline_destroy (cl); + grpc_shutdown (); return result; } diff --git a/test/core/security/secure_endpoint_test.c b/test/core/security/secure_endpoint_test.c index f68fde4c0a..32db8194e4 100644 
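Review bot: `main` still returns 0 when the token fetch fails, because `on_metadata_response` only prints "Fetching token failed." to stderr on `GRPC_CREDENTIALS_ERROR`, and `result` is set to 1 only when no default credentials are found. The `synchronizer` here has no `success` field (the one in verify_jwt.c does); adding `int success;`, setting `sync->success = (status != GRPC_CREDENTIALS_ERROR);` in the callback and `if (!sync.success) result = 1;` after the wait loop would let callers detect the failure from the exit status. The success path writes the access token to stdout, so a comment above the `printf` such as `/* Prints a live bearer token; keep this output out of shared logs. */` would help whoever runs the tool. The pollset is also never shut down or destroyed on this path, unlike in oauth2_utils.c.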
--- a/test/core/security/secure_endpoint_test.c +++ b/test/core/security/secure_endpoint_test.c 
@@ -47,149 +47,158 @@ static grpc_pollset g_pollset; -static grpc_endpoint_test_fixture secure_endpoint_create_fixture_tcp_socketpair( - size_t slice_size, gpr_slice *leftover_slices, size_t leftover_nslices) { +static grpc_endpoint_test_fixture +secure_endpoint_create_fixture_tcp_socketpair (size_t slice_size, gpr_slice * leftover_slices, size_t leftover_nslices) +{ grpc_closure_list closure_list = GRPC_CLOSURE_LIST_INIT; - tsi_frame_protector *fake_read_protector = tsi_create_fake_protector(NULL); - tsi_frame_protector *fake_write_protector = tsi_create_fake_protector(NULL); + tsi_frame_protector *fake_read_protector = tsi_create_fake_protector (NULL); + tsi_frame_protector *fake_write_protector = tsi_create_fake_protector (NULL); grpc_endpoint_test_fixture f; grpc_endpoint_pair tcp; - tcp = grpc_iomgr_create_endpoint_pair("fixture", slice_size); - grpc_endpoint_add_to_pollset(tcp.client, &g_pollset, &closure_list); - grpc_endpoint_add_to_pollset(tcp.server, &g_pollset, &closure_list); - - if (leftover_nslices == 0) { - f.client_ep = - grpc_secure_endpoint_create(fake_read_protector, tcp.client, NULL, 0); - } else { - unsigned i; - tsi_result result; - size_t still_pending_size; - size_t total_buffer_size = 8192; - size_t buffer_size = total_buffer_size; - gpr_uint8 *encrypted_buffer = gpr_malloc(buffer_size); - gpr_uint8 *cur = encrypted_buffer; - gpr_slice encrypted_leftover; - for (i = 0; i < leftover_nslices; i++) { - gpr_slice plain = leftover_slices[i]; - gpr_uint8 *message_bytes = GPR_SLICE_START_PTR(plain); - size_t message_size = GPR_SLICE_LENGTH(plain); - while (message_size > 0) { - size_t protected_buffer_size_to_send = buffer_size; - size_t processed_message_size = message_size; - result = tsi_frame_protector_protect( - fake_write_protector, message_bytes, &processed_message_size, cur, - &protected_buffer_size_to_send); - GPR_ASSERT(result == TSI_OK); - message_bytes += processed_message_size; - message_size -= processed_message_size; - cur += 
protected_buffer_size_to_send; - GPR_ASSERT(buffer_size >= protected_buffer_size_to_send); - buffer_size -= protected_buffer_size_to_send; - } - gpr_slice_unref(plain); + tcp = grpc_iomgr_create_endpoint_pair ("fixture", slice_size); + grpc_endpoint_add_to_pollset (tcp.client, &g_pollset, &closure_list); + grpc_endpoint_add_to_pollset (tcp.server, &g_pollset, &closure_list); + + if (leftover_nslices == 0) + { + f.client_ep = grpc_secure_endpoint_create (fake_read_protector, tcp.client, NULL, 0); + } + else + { + unsigned i; + tsi_result result; + size_t still_pending_size; + size_t total_buffer_size = 8192; + size_t buffer_size = total_buffer_size; + gpr_uint8 *encrypted_buffer = gpr_malloc (buffer_size); + gpr_uint8 *cur = encrypted_buffer; + gpr_slice encrypted_leftover; + for (i = 0; i < leftover_nslices; i++) + { + gpr_slice plain = leftover_slices[i]; + gpr_uint8 *message_bytes = GPR_SLICE_START_PTR (plain); + size_t message_size = GPR_SLICE_LENGTH (plain); + while (message_size > 0) + { + size_t protected_buffer_size_to_send = buffer_size; + size_t processed_message_size = message_size; + result = tsi_frame_protector_protect (fake_write_protector, message_bytes, &processed_message_size, cur, &protected_buffer_size_to_send); + GPR_ASSERT (result == TSI_OK); + message_bytes += processed_message_size; + message_size -= processed_message_size; + cur += protected_buffer_size_to_send; + GPR_ASSERT (buffer_size >= protected_buffer_size_to_send); + buffer_size -= protected_buffer_size_to_send; + } + gpr_slice_unref (plain); + } + do + { + size_t protected_buffer_size_to_send = buffer_size; + result = tsi_frame_protector_protect_flush (fake_write_protector, cur, &protected_buffer_size_to_send, &still_pending_size); + GPR_ASSERT (result == TSI_OK); + cur += protected_buffer_size_to_send; + GPR_ASSERT (buffer_size >= protected_buffer_size_to_send); + buffer_size -= protected_buffer_size_to_send; + } + while (still_pending_size > 0); + encrypted_leftover = 
gpr_slice_from_copied_buffer ((const char *) encrypted_buffer, total_buffer_size - buffer_size); + f.client_ep = grpc_secure_endpoint_create (fake_read_protector, tcp.client, &encrypted_leftover, 1); + gpr_slice_unref (encrypted_leftover); + gpr_free (encrypted_buffer); } - do { - size_t protected_buffer_size_to_send = buffer_size; - result = tsi_frame_protector_protect_flush(fake_write_protector, cur, - &protected_buffer_size_to_send, - &still_pending_size); - GPR_ASSERT(result == TSI_OK); - cur += protected_buffer_size_to_send; - GPR_ASSERT(buffer_size >= protected_buffer_size_to_send); - buffer_size -= protected_buffer_size_to_send; - } while (still_pending_size > 0); - encrypted_leftover = gpr_slice_from_copied_buffer( - (const char *)encrypted_buffer, total_buffer_size - buffer_size); - f.client_ep = grpc_secure_endpoint_create(fake_read_protector, tcp.client, - &encrypted_leftover, 1); - gpr_slice_unref(encrypted_leftover); - gpr_free(encrypted_buffer); - } - - f.server_ep = - grpc_secure_endpoint_create(fake_write_protector, tcp.server, NULL, 0); - grpc_closure_list_run(&closure_list); + + f.server_ep = grpc_secure_endpoint_create (fake_write_protector, tcp.server, NULL, 0); + grpc_closure_list_run (&closure_list); return f; } static grpc_endpoint_test_fixture -secure_endpoint_create_fixture_tcp_socketpair_noleftover(size_t slice_size) { - return secure_endpoint_create_fixture_tcp_socketpair(slice_size, NULL, 0); +secure_endpoint_create_fixture_tcp_socketpair_noleftover (size_t slice_size) +{ + return secure_endpoint_create_fixture_tcp_socketpair (slice_size, NULL, 0); } static grpc_endpoint_test_fixture -secure_endpoint_create_fixture_tcp_socketpair_leftover(size_t slice_size) { - gpr_slice s = - gpr_slice_from_copied_string("hello world 12345678900987654321"); +secure_endpoint_create_fixture_tcp_socketpair_leftover (size_t slice_size) +{ + gpr_slice s = gpr_slice_from_copied_string ("hello world 12345678900987654321"); grpc_endpoint_test_fixture f; - f = 
secure_endpoint_create_fixture_tcp_socketpair(slice_size, &s, 1); + f = secure_endpoint_create_fixture_tcp_socketpair (slice_size, &s, 1); return f; } -static void clean_up(void) {} +static void +clean_up (void) +{ +} static grpc_endpoint_test_config configs[] = { - {"secure_ep/tcp_socketpair", - secure_endpoint_create_fixture_tcp_socketpair_noleftover, clean_up}, - {"secure_ep/tcp_socketpair_leftover", - secure_endpoint_create_fixture_tcp_socketpair_leftover, clean_up}, + {"secure_ep/tcp_socketpair", + secure_endpoint_create_fixture_tcp_socketpair_noleftover, clean_up}, + {"secure_ep/tcp_socketpair_leftover", + secure_endpoint_create_fixture_tcp_socketpair_leftover, clean_up}, }; -static void inc_call_ctr(void *arg, int success, - grpc_closure_list *closure_list) { - ++*(int *)arg; +static void +inc_call_ctr (void *arg, int success, grpc_closure_list * closure_list) +{ + ++*(int *) arg; } -static void test_leftover(grpc_endpoint_test_config config, size_t slice_size) { - grpc_endpoint_test_fixture f = config.create_fixture(slice_size); +static void +test_leftover (grpc_endpoint_test_config config, size_t slice_size) +{ + grpc_endpoint_test_fixture f = config.create_fixture (slice_size); gpr_slice_buffer incoming; - gpr_slice s = - gpr_slice_from_copied_string("hello world 12345678900987654321"); + gpr_slice s = gpr_slice_from_copied_string ("hello world 12345678900987654321"); grpc_closure_list closure_list = GRPC_CLOSURE_LIST_INIT; int n = 0; grpc_closure done_closure; - gpr_log(GPR_INFO, "Start test left over"); - - gpr_slice_buffer_init(&incoming); - grpc_closure_init(&done_closure, inc_call_ctr, &n); - grpc_endpoint_read(f.client_ep, &incoming, &done_closure, &closure_list); - grpc_closure_list_run(&closure_list); - GPR_ASSERT(n == 1); - GPR_ASSERT(incoming.count == 1); - GPR_ASSERT(0 == gpr_slice_cmp(s, incoming.slices[0])); - - grpc_endpoint_shutdown(f.client_ep, &closure_list); - grpc_endpoint_shutdown(f.server_ep, &closure_list); - 
grpc_endpoint_destroy(f.client_ep, &closure_list); - grpc_endpoint_destroy(f.server_ep, &closure_list); - grpc_closure_list_run(&closure_list); - gpr_slice_unref(s); - gpr_slice_buffer_destroy(&incoming); - - clean_up(); + gpr_log (GPR_INFO, "Start test left over"); + + gpr_slice_buffer_init (&incoming); + grpc_closure_init (&done_closure, inc_call_ctr, &n); + grpc_endpoint_read (f.client_ep, &incoming, &done_closure, &closure_list); + grpc_closure_list_run (&closure_list); + GPR_ASSERT (n == 1); + GPR_ASSERT (incoming.count == 1); + GPR_ASSERT (0 == gpr_slice_cmp (s, incoming.slices[0])); + + grpc_endpoint_shutdown (f.client_ep, &closure_list); + grpc_endpoint_shutdown (f.server_ep, &closure_list); + grpc_endpoint_destroy (f.client_ep, &closure_list); + grpc_endpoint_destroy (f.server_ep, &closure_list); + grpc_closure_list_run (&closure_list); + gpr_slice_unref (s); + gpr_slice_buffer_destroy (&incoming); + + clean_up (); } -static void destroy_pollset(void *p, int success, - grpc_closure_list *closure_list) { - grpc_pollset_destroy(p); +static void +destroy_pollset (void *p, int success, grpc_closure_list * closure_list) +{ + grpc_pollset_destroy (p); } -int main(int argc, char **argv) { +int +main (int argc, char **argv) +{ grpc_closure destroyed; grpc_closure_list closure_list = GRPC_CLOSURE_LIST_INIT; - grpc_test_init(argc, argv); - - grpc_init(); - grpc_pollset_init(&g_pollset); - grpc_endpoint_tests(configs[0], &g_pollset); - test_leftover(configs[1], 1); - grpc_closure_init(&destroyed, destroy_pollset, &g_pollset); - grpc_pollset_shutdown(&g_pollset, &destroyed, &closure_list); - grpc_closure_list_run(&closure_list); - grpc_shutdown(); + grpc_test_init (argc, argv); + + grpc_init (); + grpc_pollset_init (&g_pollset); + grpc_endpoint_tests (configs[0], &g_pollset); + test_leftover (configs[1], 1); + grpc_closure_init (&destroyed, destroy_pollset, &g_pollset); + grpc_pollset_shutdown (&g_pollset, &destroyed, &closure_list); + grpc_closure_list_run 
(&closure_list); + grpc_shutdown (); return 0; } diff --git a/test/core/security/security_connector_test.c b/test/core/security/security_connector_test.c index 3f6c592b0b..691c68685b 100644 --- a/test/core/security/security_connector_test.c +++ b/test/core/security/security_connector_test.c 
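Review bot: In the leftover branch of `secure_endpoint_create_fixture_tcp_socketpair`, `GPR_ASSERT (buffer_size >= protected_buffer_size_to_send)` runs only after the protector has written into `cur` and after `cur` has been advanced, so it reports an overrun of the fixed 8192-byte `encrypted_buffer` after the fact instead of preventing one. The write is presumably bounded because `protected_buffer_size_to_send` is initialised to `buffer_size`, but that depends on the protector honouring the in/out size. Moving the assert above `cur += protected_buffer_size_to_send;` in both the `while` and the `do` loop states the invariant where it matters. Adding `GPR_ASSERT (buffer_size > 0);` at the top of the `while (message_size > 0)` body would also turn a possible no-progress spin on a full buffer into a clear failure. As a style point, `unsigned i` is compared against `size_t leftover_nslices`; `size_t i` would match.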
@@ -46,212 +46,200 @@ #include <grpc/support/log.h> #include <grpc/support/useful.h> -static int check_transport_security_type(const grpc_auth_context *ctx) { - grpc_auth_property_iterator it = grpc_auth_context_find_properties_by_name( - ctx, GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME); - const grpc_auth_property *prop = grpc_auth_property_iterator_next(&it); - if (prop == NULL) return 0; - if (strncmp(prop->value, GRPC_SSL_TRANSPORT_SECURITY_TYPE, - prop->value_length) != 0) { +static int +check_transport_security_type (const grpc_auth_context * ctx) +{ + grpc_auth_property_iterator it = grpc_auth_context_find_properties_by_name (ctx, GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME); + const grpc_auth_property *prop = grpc_auth_property_iterator_next (&it); + if (prop == NULL) return 0; - } + if (strncmp (prop->value, GRPC_SSL_TRANSPORT_SECURITY_TYPE, prop->value_length) != 0) + { + return 0; + } /* Check that we have only one property with this name. */ - if (grpc_auth_property_iterator_next(&it) != NULL) return 0; + if (grpc_auth_property_iterator_next (&it) != NULL) + return 0; return 1; } -static void test_unauthenticated_ssl_peer(void) { +static void +test_unauthenticated_ssl_peer (void) +{ tsi_peer peer; grpc_auth_context *ctx; - GPR_ASSERT(tsi_construct_peer(1, &peer) == TSI_OK); - GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( - TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_X509_CERTIFICATE_TYPE, - &peer.properties[0]) == TSI_OK); - ctx = tsi_ssl_peer_to_auth_context(&peer); - GPR_ASSERT(ctx != NULL); - GPR_ASSERT(!grpc_auth_context_peer_is_authenticated(ctx)); - GPR_ASSERT(check_transport_security_type(ctx)); - - tsi_peer_destruct(&peer); - GRPC_AUTH_CONTEXT_UNREF(ctx, "test"); + GPR_ASSERT (tsi_construct_peer (1, &peer) == TSI_OK); + GPR_ASSERT (tsi_construct_string_peer_property_from_cstring (TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_X509_CERTIFICATE_TYPE, &peer.properties[0]) == TSI_OK); + ctx = tsi_ssl_peer_to_auth_context (&peer); + GPR_ASSERT (ctx 
!= NULL); + GPR_ASSERT (!grpc_auth_context_peer_is_authenticated (ctx)); + GPR_ASSERT (check_transport_security_type (ctx)); + + tsi_peer_destruct (&peer); + GRPC_AUTH_CONTEXT_UNREF (ctx, "test"); } -static int check_identity(const grpc_auth_context *ctx, - const char *expected_property_name, - const char **expected_identities, - size_t num_identities) { +static int +check_identity (const grpc_auth_context * ctx, const char *expected_property_name, const char **expected_identities, size_t num_identities) +{ grpc_auth_property_iterator it; const grpc_auth_property *prop; size_t i; - GPR_ASSERT(grpc_auth_context_peer_is_authenticated(ctx)); - it = grpc_auth_context_peer_identity(ctx); - for (i = 0; i < num_identities; i++) { - prop = grpc_auth_property_iterator_next(&it); - if (prop == NULL) { - gpr_log(GPR_ERROR, "Expected identity value %s not found.", - expected_identities[i]); + GPR_ASSERT (grpc_auth_context_peer_is_authenticated (ctx)); + it = grpc_auth_context_peer_identity (ctx); + for (i = 0; i < num_identities; i++) + { + prop = grpc_auth_property_iterator_next (&it); + if (prop == NULL) + { + gpr_log (GPR_ERROR, "Expected identity value %s not found.", expected_identities[i]); + return 0; + } + if (strcmp (prop->name, expected_property_name) != 0) + { + gpr_log (GPR_ERROR, "Expected peer identity property name %s and got %s.", expected_property_name, prop->name); + return 0; + } + if (strncmp (prop->value, expected_identities[i], prop->value_length) != 0) + { + gpr_log (GPR_ERROR, "Expected peer identity %s and got %s.", expected_identities[i], prop->value); + return 0; + } + } + return 1; +} + +static int +check_x509_cn (const grpc_auth_context * ctx, const char *expected_cn) +{ + grpc_auth_property_iterator it = grpc_auth_context_find_properties_by_name (ctx, GRPC_X509_CN_PROPERTY_NAME); + const grpc_auth_property *prop = grpc_auth_property_iterator_next (&it); + if (prop == NULL) + { + gpr_log (GPR_ERROR, "CN property not found."); return 0; } - if 
(strcmp(prop->name, expected_property_name) != 0) { - gpr_log(GPR_ERROR, "Expected peer identity property name %s and got %s.", - expected_property_name, prop->name); + if (strncmp (prop->value, expected_cn, prop->value_length) != 0) + { + gpr_log (GPR_ERROR, "Expected CN %s and got %s", expected_cn, prop->value); return 0; } - if (strncmp(prop->value, expected_identities[i], prop->value_length) != 0) { - gpr_log(GPR_ERROR, "Expected peer identity %s and got %s.", - expected_identities[i], prop->value); + if (grpc_auth_property_iterator_next (&it) != NULL) + { + gpr_log (GPR_ERROR, "Expected only one property for CN."); return 0; } - } - return 1; -} - -static int check_x509_cn(const grpc_auth_context *ctx, - const char *expected_cn) { - grpc_auth_property_iterator it = grpc_auth_context_find_properties_by_name( - ctx, GRPC_X509_CN_PROPERTY_NAME); - const grpc_auth_property *prop = grpc_auth_property_iterator_next(&it); - if (prop == NULL) { - gpr_log(GPR_ERROR, "CN property not found."); - return 0; - } - if (strncmp(prop->value, expected_cn, prop->value_length) != 0) { - gpr_log(GPR_ERROR, "Expected CN %s and got %s", expected_cn, prop->value); - return 0; - } - if (grpc_auth_property_iterator_next(&it) != NULL) { - gpr_log(GPR_ERROR, "Expected only one property for CN."); - return 0; - } return 1; } -static void test_cn_only_ssl_peer_to_auth_context(void) { +static void +test_cn_only_ssl_peer_to_auth_context (void) +{ tsi_peer peer; grpc_auth_context *ctx; const char *expected_cn = "cn1"; - GPR_ASSERT(tsi_construct_peer(2, &peer) == TSI_OK); - GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( - TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_X509_CERTIFICATE_TYPE, - &peer.properties[0]) == TSI_OK); - GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( - TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY, expected_cn, - &peer.properties[1]) == TSI_OK); - ctx = tsi_ssl_peer_to_auth_context(&peer); - GPR_ASSERT(ctx != NULL); - 
GPR_ASSERT(grpc_auth_context_peer_is_authenticated(ctx)); - GPR_ASSERT(check_identity(ctx, GRPC_X509_CN_PROPERTY_NAME, &expected_cn, 1)); - GPR_ASSERT(check_transport_security_type(ctx)); - GPR_ASSERT(check_x509_cn(ctx, expected_cn)); - - tsi_peer_destruct(&peer); - GRPC_AUTH_CONTEXT_UNREF(ctx, "test"); + GPR_ASSERT (tsi_construct_peer (2, &peer) == TSI_OK); + GPR_ASSERT (tsi_construct_string_peer_property_from_cstring (TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_X509_CERTIFICATE_TYPE, &peer.properties[0]) == TSI_OK); + GPR_ASSERT (tsi_construct_string_peer_property_from_cstring (TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY, expected_cn, &peer.properties[1]) == TSI_OK); + ctx = tsi_ssl_peer_to_auth_context (&peer); + GPR_ASSERT (ctx != NULL); + GPR_ASSERT (grpc_auth_context_peer_is_authenticated (ctx)); + GPR_ASSERT (check_identity (ctx, GRPC_X509_CN_PROPERTY_NAME, &expected_cn, 1)); + GPR_ASSERT (check_transport_security_type (ctx)); + GPR_ASSERT (check_x509_cn (ctx, expected_cn)); + + tsi_peer_destruct (&peer); + GRPC_AUTH_CONTEXT_UNREF (ctx, "test"); } -static void test_cn_and_one_san_ssl_peer_to_auth_context(void) { +static void +test_cn_and_one_san_ssl_peer_to_auth_context (void) +{ tsi_peer peer; grpc_auth_context *ctx; const char *expected_cn = "cn1"; const char *expected_san = "san1"; - GPR_ASSERT(tsi_construct_peer(3, &peer) == TSI_OK); - GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( - TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_X509_CERTIFICATE_TYPE, - &peer.properties[0]) == TSI_OK); - GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( - TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY, expected_cn, - &peer.properties[1]) == TSI_OK); - GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( - TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY, expected_san, - &peer.properties[2]) == TSI_OK); - ctx = tsi_ssl_peer_to_auth_context(&peer); - GPR_ASSERT(ctx != NULL); - GPR_ASSERT(grpc_auth_context_peer_is_authenticated(ctx)); - GPR_ASSERT( - 
check_identity(ctx, GRPC_X509_SAN_PROPERTY_NAME, &expected_san, 1)); - GPR_ASSERT(check_transport_security_type(ctx)); - GPR_ASSERT(check_x509_cn(ctx, expected_cn)); - - tsi_peer_destruct(&peer); - GRPC_AUTH_CONTEXT_UNREF(ctx, "test"); + GPR_ASSERT (tsi_construct_peer (3, &peer) == TSI_OK); + GPR_ASSERT (tsi_construct_string_peer_property_from_cstring (TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_X509_CERTIFICATE_TYPE, &peer.properties[0]) == TSI_OK); + GPR_ASSERT (tsi_construct_string_peer_property_from_cstring (TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY, expected_cn, &peer.properties[1]) == TSI_OK); + GPR_ASSERT (tsi_construct_string_peer_property_from_cstring (TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY, expected_san, &peer.properties[2]) == TSI_OK); + ctx = tsi_ssl_peer_to_auth_context (&peer); + GPR_ASSERT (ctx != NULL); + GPR_ASSERT (grpc_auth_context_peer_is_authenticated (ctx)); + GPR_ASSERT (check_identity (ctx, GRPC_X509_SAN_PROPERTY_NAME, &expected_san, 1)); + GPR_ASSERT (check_transport_security_type (ctx)); + GPR_ASSERT (check_x509_cn (ctx, expected_cn)); + + tsi_peer_destruct (&peer); + GRPC_AUTH_CONTEXT_UNREF (ctx, "test"); } -static void test_cn_and_multiple_sans_ssl_peer_to_auth_context(void) { +static void +test_cn_and_multiple_sans_ssl_peer_to_auth_context (void) +{ tsi_peer peer; grpc_auth_context *ctx; const char *expected_cn = "cn1"; - const char *expected_sans[] = {"san1", "san2", "san3"}; + const char *expected_sans[] = { "san1", "san2", "san3" }; size_t i; - GPR_ASSERT(tsi_construct_peer(2 + GPR_ARRAY_SIZE(expected_sans), &peer) == - TSI_OK); - GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( - TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_X509_CERTIFICATE_TYPE, - &peer.properties[0]) == TSI_OK); - GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( - TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY, expected_cn, - &peer.properties[1]) == TSI_OK); - for (i = 0; i < GPR_ARRAY_SIZE(expected_sans); i++) { - 
GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( - TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY, - expected_sans[i], &peer.properties[2 + i]) == TSI_OK); - } - ctx = tsi_ssl_peer_to_auth_context(&peer); - GPR_ASSERT(ctx != NULL); - GPR_ASSERT(grpc_auth_context_peer_is_authenticated(ctx)); - GPR_ASSERT(check_identity(ctx, GRPC_X509_SAN_PROPERTY_NAME, expected_sans, - GPR_ARRAY_SIZE(expected_sans))); - GPR_ASSERT(check_transport_security_type(ctx)); - GPR_ASSERT(check_x509_cn(ctx, expected_cn)); - - tsi_peer_destruct(&peer); - GRPC_AUTH_CONTEXT_UNREF(ctx, "test"); + GPR_ASSERT (tsi_construct_peer (2 + GPR_ARRAY_SIZE (expected_sans), &peer) == TSI_OK); + GPR_ASSERT (tsi_construct_string_peer_property_from_cstring (TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_X509_CERTIFICATE_TYPE, &peer.properties[0]) == TSI_OK); + GPR_ASSERT (tsi_construct_string_peer_property_from_cstring (TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY, expected_cn, &peer.properties[1]) == TSI_OK); + for (i = 0; i < GPR_ARRAY_SIZE (expected_sans); i++) + { + GPR_ASSERT (tsi_construct_string_peer_property_from_cstring (TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY, expected_sans[i], &peer.properties[2 + i]) == TSI_OK); + } + ctx = tsi_ssl_peer_to_auth_context (&peer); + GPR_ASSERT (ctx != NULL); + GPR_ASSERT (grpc_auth_context_peer_is_authenticated (ctx)); + GPR_ASSERT (check_identity (ctx, GRPC_X509_SAN_PROPERTY_NAME, expected_sans, GPR_ARRAY_SIZE (expected_sans))); + GPR_ASSERT (check_transport_security_type (ctx)); + GPR_ASSERT (check_x509_cn (ctx, expected_cn)); + + tsi_peer_destruct (&peer); + GRPC_AUTH_CONTEXT_UNREF (ctx, "test"); } -static void test_cn_and_multiple_sans_and_others_ssl_peer_to_auth_context( - void) { +static void +test_cn_and_multiple_sans_and_others_ssl_peer_to_auth_context (void) +{ tsi_peer peer; grpc_auth_context *ctx; const char *expected_cn = "cn1"; - const char *expected_sans[] = {"san1", "san2", "san3"}; + const char *expected_sans[] = { "san1", "san2", "san3" }; 
size_t i; - GPR_ASSERT(tsi_construct_peer(4 + GPR_ARRAY_SIZE(expected_sans), &peer) == - TSI_OK); - GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( - TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_X509_CERTIFICATE_TYPE, - &peer.properties[0]) == TSI_OK); - GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( - "foo", "bar", &peer.properties[1]) == TSI_OK); - GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( - TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY, expected_cn, - &peer.properties[2]) == TSI_OK); - GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( - "chapi", "chapo", &peer.properties[3]) == TSI_OK); - for (i = 0; i < GPR_ARRAY_SIZE(expected_sans); i++) { - GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( - TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY, - expected_sans[i], &peer.properties[4 + i]) == TSI_OK); - } - ctx = tsi_ssl_peer_to_auth_context(&peer); - GPR_ASSERT(ctx != NULL); - GPR_ASSERT(grpc_auth_context_peer_is_authenticated(ctx)); - GPR_ASSERT(check_identity(ctx, GRPC_X509_SAN_PROPERTY_NAME, expected_sans, - GPR_ARRAY_SIZE(expected_sans))); - GPR_ASSERT(check_transport_security_type(ctx)); - GPR_ASSERT(check_x509_cn(ctx, expected_cn)); - - tsi_peer_destruct(&peer); - GRPC_AUTH_CONTEXT_UNREF(ctx, "test"); + GPR_ASSERT (tsi_construct_peer (4 + GPR_ARRAY_SIZE (expected_sans), &peer) == TSI_OK); + GPR_ASSERT (tsi_construct_string_peer_property_from_cstring (TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_X509_CERTIFICATE_TYPE, &peer.properties[0]) == TSI_OK); + GPR_ASSERT (tsi_construct_string_peer_property_from_cstring ("foo", "bar", &peer.properties[1]) == TSI_OK); + GPR_ASSERT (tsi_construct_string_peer_property_from_cstring (TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY, expected_cn, &peer.properties[2]) == TSI_OK); + GPR_ASSERT (tsi_construct_string_peer_property_from_cstring ("chapi", "chapo", &peer.properties[3]) == TSI_OK); + for (i = 0; i < GPR_ARRAY_SIZE (expected_sans); i++) + { + GPR_ASSERT 
(tsi_construct_string_peer_property_from_cstring (TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY, expected_sans[i], &peer.properties[4 + i]) == TSI_OK); + } + ctx = tsi_ssl_peer_to_auth_context (&peer); + GPR_ASSERT (ctx != NULL); + GPR_ASSERT (grpc_auth_context_peer_is_authenticated (ctx)); + GPR_ASSERT (check_identity (ctx, GRPC_X509_SAN_PROPERTY_NAME, expected_sans, GPR_ARRAY_SIZE (expected_sans))); + GPR_ASSERT (check_transport_security_type (ctx)); + GPR_ASSERT (check_x509_cn (ctx, expected_cn)); + + tsi_peer_destruct (&peer); + GRPC_AUTH_CONTEXT_UNREF (ctx, "test"); } -int main(int argc, char **argv) { - grpc_test_init(argc, argv); - grpc_init(); +int +main (int argc, char **argv) +{ + grpc_test_init (argc, argv); + grpc_init (); - test_unauthenticated_ssl_peer(); - test_cn_only_ssl_peer_to_auth_context(); - test_cn_and_one_san_ssl_peer_to_auth_context(); - test_cn_and_multiple_sans_ssl_peer_to_auth_context(); - test_cn_and_multiple_sans_and_others_ssl_peer_to_auth_context(); + test_unauthenticated_ssl_peer (); + test_cn_only_ssl_peer_to_auth_context (); + test_cn_and_one_san_ssl_peer_to_auth_context (); + test_cn_and_multiple_sans_ssl_peer_to_auth_context (); + test_cn_and_multiple_sans_and_others_ssl_peer_to_auth_context (); - grpc_shutdown(); + grpc_shutdown (); return 0; } diff --git a/test/core/security/verify_jwt.c b/test/core/security/verify_jwt.c index 9be6ee6e33..fd8aaeb484 100644 --- a/test/core/security/verify_jwt.c +++ b/test/core/security/verify_jwt.c 
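Review bot: The `strncmp (prop->value, expected, prop->value_length)` comparisons in `check_transport_security_type`, `check_identity` and `check_x509_cn` compare only the first `value_length` bytes, so a property value that is a prefix of the expected string (or empty, with `value_length` 0) passes. These helpers validate the peer identity, CN and SAN mapping, so a truncation regression in `tsi_ssl_peer_to_auth_context` could go unnoticed. Comparing the length first closes the gap, for example `if (prop->value_length != strlen (expected_cn) || memcmp (prop->value, expected_cn, prop->value_length) != 0)`. The error logs also print `prop->value` with `%s`, which assumes the value is NUL-terminated; nothing in this hunk shows that it is.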
@@ -43,47 +43,53 @@ #include <grpc/support/slice.h> #include <grpc/support/sync.h> -typedef struct { +typedef struct +{ grpc_pollset pollset; int is_done; int success; } synchronizer; -static void print_usage_and_exit(gpr_cmdline *cl, const char *argv0) { - char *usage = gpr_cmdline_usage_string(cl, argv0); - fprintf(stderr, "%s", usage); - gpr_free(usage); - gpr_cmdline_destroy(cl); - exit(1); +static void +print_usage_and_exit (gpr_cmdline * cl, const char *argv0) +{ + char *usage = gpr_cmdline_usage_string (cl, argv0); + fprintf (stderr, "%s", usage); + gpr_free (usage); + gpr_cmdline_destroy (cl); + exit (1); } -static void on_jwt_verification_done(void *user_data, - grpc_jwt_verifier_status status, - grpc_jwt_claims *claims) { +static void +on_jwt_verification_done (void *user_data, grpc_jwt_verifier_status status, grpc_jwt_claims * claims) +{ synchronizer *sync = user_data; sync->success = (status == GRPC_JWT_VERIFIER_OK); - if (sync->success) { - char *claims_str; - GPR_ASSERT(claims != NULL); - claims_str = - grpc_json_dump_to_string((grpc_json *)grpc_jwt_claims_json(claims), 2); - printf("Claims: \n\n%s\n", claims_str); - gpr_free(claims_str); - grpc_jwt_claims_destroy(claims); - } else { - GPR_ASSERT(claims == NULL); - fprintf(stderr, "Verification failed with error %s\n", - grpc_jwt_verifier_status_to_string(status)); - } + if (sync->success) + { + char *claims_str; + GPR_ASSERT (claims != NULL); + claims_str = grpc_json_dump_to_string ((grpc_json *) grpc_jwt_claims_json (claims), 2); + printf ("Claims: \n\n%s\n", claims_str); + gpr_free (claims_str); + grpc_jwt_claims_destroy (claims); + } + else + { + GPR_ASSERT (claims == NULL); + fprintf (stderr, "Verification failed with error %s\n", grpc_jwt_verifier_status_to_string (status)); + } - gpr_mu_lock(GRPC_POLLSET_MU(&sync->pollset)); + gpr_mu_lock (GRPC_POLLSET_MU (&sync->pollset)); sync->is_done = 1; - grpc_pollset_kick(&sync->pollset, NULL); - gpr_mu_unlock(GRPC_POLLSET_MU(&sync->pollset)); + 
grpc_pollset_kick (&sync->pollset, NULL); + gpr_mu_unlock (GRPC_POLLSET_MU (&sync->pollset)); } -int main(int argc, char **argv) { +int +main (int argc, char **argv) +{ synchronizer sync; grpc_jwt_verifier *verifier; gpr_cmdline *cl; 
@@ -91,36 +97,36 @@ int main(int argc, char **argv) {
 char *aud = NULL;
 grpc_closure_list closure_list = GRPC_CLOSURE_LIST_INIT;
- cl = gpr_cmdline_create("JWT verifier tool");
- gpr_cmdline_add_string(cl, "jwt", "JSON web token to verify", &jwt);
- gpr_cmdline_add_string(cl, "aud", "Audience for the JWT", &aud);
- gpr_cmdline_parse(cl, argc, argv);
- if (jwt == NULL || aud == NULL) {
- print_usage_and_exit(cl, argv[0]);
- }
+ cl = gpr_cmdline_create ("JWT verifier tool");
+ gpr_cmdline_add_string (cl, "jwt", "JSON web token to verify", &jwt);
+ gpr_cmdline_add_string (cl, "aud", "Audience for the JWT", &aud);
+ gpr_cmdline_parse (cl, argc, argv);
+ if (jwt == NULL || aud == NULL)
+ {
+ print_usage_and_exit (cl, argv[0]);
+ }
- verifier = grpc_jwt_verifier_create(NULL, 0);
+ verifier = grpc_jwt_verifier_create (NULL, 0);
- grpc_init();
+ grpc_init ();
- grpc_pollset_init(&sync.pollset);
+ grpc_pollset_init (&sync.pollset);
 sync.is_done = 0;
- grpc_jwt_verifier_verify(verifier, &sync.pollset, jwt, aud,
- on_jwt_verification_done, &sync, &closure_list);
+ grpc_jwt_verifier_verify (verifier, &sync.pollset, jwt, aud, on_jwt_verification_done, &sync, &closure_list);
- gpr_mu_lock(GRPC_POLLSET_MU(&sync.pollset));
- while (!sync.is_done) {
- grpc_pollset_worker worker;
- grpc_pollset_work(&sync.pollset, &worker, gpr_now(GPR_CLOCK_MONOTONIC),
- gpr_inf_future(GPR_CLOCK_MONOTONIC), &closure_list);
- gpr_mu_unlock(GRPC_POLLSET_MU(&sync.pollset));
- grpc_closure_list_run(&closure_list);
- gpr_mu_lock(GRPC_POLLSET_MU(&sync.pollset));
- }
- gpr_mu_unlock(GRPC_POLLSET_MU(&sync.pollset));
+ gpr_mu_lock (GRPC_POLLSET_MU (&sync.pollset));
+ while (!sync.is_done)
+ {
+ grpc_pollset_worker worker;
+ grpc_pollset_work (&sync.pollset, &worker, gpr_now (GPR_CLOCK_MONOTONIC), gpr_inf_future (GPR_CLOCK_MONOTONIC), &closure_list);
+ gpr_mu_unlock (GRPC_POLLSET_MU (&sync.pollset));
+ grpc_closure_list_run (&closure_list);
+ gpr_mu_lock (GRPC_POLLSET_MU (&sync.pollset));
+ }
+ gpr_mu_unlock (GRPC_POLLSET_MU (&sync.pollset));
- grpc_jwt_verifier_destroy(verifier);
- gpr_cmdline_destroy(cl);
+ grpc_jwt_verifier_destroy (verifier);
+ gpr_cmdline_destroy (cl);
 return !sync.success;
 }
|