diff options
Diffstat (limited to 'test')
-rw-r--r-- | test/core/security/fetch_oauth2.c | 47 | ||||
-rw-r--r-- | test/core/security/oauth2_utils.c | 92 | ||||
-rw-r--r-- | test/core/security/oauth2_utils.h | 51 | ||||
-rw-r--r-- | test/cpp/interop/client.cc | 9 | ||||
-rw-r--r-- | test/cpp/interop/client_helper.cc | 39 | ||||
-rw-r--r-- | test/cpp/interop/client_helper.h | 2 | ||||
-rw-r--r-- | test/cpp/interop/interop_client.cc | 17 | ||||
-rw-r--r-- | test/cpp/interop/interop_client.h | 3 |
8 files changed, 212 insertions, 48 deletions
diff --git a/test/core/security/fetch_oauth2.c b/test/core/security/fetch_oauth2.c index 767f724b62..64c4dde5d9 100644 --- a/test/core/security/fetch_oauth2.c +++ b/test/core/security/fetch_oauth2.c @@ -44,35 +44,7 @@ #include "src/core/security/credentials.h" #include "src/core/support/file.h" - -typedef struct { - grpc_pollset pollset; - int is_done; -} synchronizer; - -static void on_oauth2_response(void *user_data, - grpc_credentials_md *md_elems, - size_t num_md, grpc_credentials_status status) { - synchronizer *sync = user_data; - char *token; - gpr_slice token_slice; - if (status == GRPC_CREDENTIALS_ERROR) { - gpr_log(GPR_ERROR, "Fetching token failed."); - } else { - GPR_ASSERT(num_md == 1); - token_slice = md_elems[0].value; - token = gpr_malloc(GPR_SLICE_LENGTH(token_slice) + 1); - memcpy(token, GPR_SLICE_START_PTR(token_slice), - GPR_SLICE_LENGTH(token_slice)); - token[GPR_SLICE_LENGTH(token_slice)] = '\0'; - printf("Got token: %s.\n", token); - gpr_free(token); - } - gpr_mu_lock(GRPC_POLLSET_MU(&sync->pollset)); - sync->is_done = 1; - grpc_pollset_kick(&sync->pollset); - gpr_mu_unlock(GRPC_POLLSET_MU(&sync->pollset)); -} +#include "test/core/security/oauth2_utils.h" static grpc_credentials *create_service_account_creds( const char *json_key_file_path, const char *scope) { @@ -101,10 +73,10 @@ static grpc_credentials *create_refresh_token_creds( } int main(int argc, char **argv) { - synchronizer sync; grpc_credentials *creds = NULL; char *json_key_file_path = NULL; char *json_refresh_token_file_path = NULL; + char *token = NULL; int use_gce = 0; char *scope = NULL; gpr_cmdline *cl = gpr_cmdline_create("fetch_oauth2"); @@ -175,16 +147,11 @@ int main(int argc, char **argv) { } GPR_ASSERT(creds != NULL); - grpc_pollset_init(&sync.pollset); - sync.is_done = 0; - - grpc_credentials_get_request_metadata(creds, &sync.pollset, "", on_oauth2_response, &sync); - - gpr_mu_lock(GRPC_POLLSET_MU(&sync.pollset)); - while (!sync.is_done) grpc_pollset_work(&sync.pollset, gpr_inf_future); - gpr_mu_unlock(GRPC_POLLSET_MU(&sync.pollset)); - - grpc_pollset_destroy(&sync.pollset); + token = grpc_test_fetch_oauth2_token_with_credentials(creds); + if (token != NULL) { + printf("Got token: %s.\n", token); + gpr_free(token); + } grpc_credentials_release(creds); gpr_cmdline_destroy(cl); grpc_shutdown(); diff --git a/test/core/security/oauth2_utils.c b/test/core/security/oauth2_utils.c new file mode 100644 index 0000000000..7196d4778d --- /dev/null +++ b/test/core/security/oauth2_utils.c @@ -0,0 +1,92 @@ +/* + * + * Copyright 2015, Google Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following disclaimer + * in the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Google Inc. nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "test/core/security/oauth2_utils.h" + +#include <string.h> + +#include <grpc/grpc.h> +#include <grpc/grpc_security.h> +#include <grpc/support/alloc.h> +#include <grpc/support/log.h> +#include <grpc/support/slice.h> +#include <grpc/support/sync.h> + +#include "src/core/security/credentials.h" + +typedef struct { + grpc_pollset pollset; + int is_done; + char *token; +} synchronizer; + +static void on_oauth2_response(void *user_data, grpc_credentials_md *md_elems, + size_t num_md, grpc_credentials_status status) { + synchronizer *sync = user_data; + char *token = NULL; + gpr_slice token_slice; + if (status == GRPC_CREDENTIALS_ERROR) { + gpr_log(GPR_ERROR, "Fetching token failed."); + } else { + GPR_ASSERT(num_md == 1); + token_slice = md_elems[0].value; + token = gpr_malloc(GPR_SLICE_LENGTH(token_slice) + 1); + memcpy(token, GPR_SLICE_START_PTR(token_slice), + GPR_SLICE_LENGTH(token_slice)); + token[GPR_SLICE_LENGTH(token_slice)] = '\0'; + } + gpr_mu_lock(GRPC_POLLSET_MU(&sync->pollset)); + sync->is_done = 1; + sync->token = token; + grpc_pollset_kick(&sync->pollset); + gpr_mu_unlock(GRPC_POLLSET_MU(&sync->pollset)); +} + +static void do_nothing(void *unused) {} + +char *grpc_test_fetch_oauth2_token_with_credentials(grpc_credentials *creds) { + synchronizer sync; + grpc_pollset_init(&sync.pollset); + sync.is_done = 0; + + grpc_credentials_get_request_metadata(creds, &sync.pollset, "", + on_oauth2_response, &sync); + + gpr_mu_lock(GRPC_POLLSET_MU(&sync.pollset)); + while (!sync.is_done) grpc_pollset_work(&sync.pollset, gpr_inf_future); + gpr_mu_unlock(GRPC_POLLSET_MU(&sync.pollset)); + + grpc_pollset_shutdown(&sync.pollset, do_nothing, NULL); + grpc_pollset_destroy(&sync.pollset); + return sync.token; +} diff --git a/test/core/security/oauth2_utils.h b/test/core/security/oauth2_utils.h new file mode 100644 index 0000000000..8082351b8a --- /dev/null +++ b/test/core/security/oauth2_utils.h @@ -0,0 +1,51 @@ +/* + * + * Copyright 2015, Google Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following disclaimer + * in the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Google Inc. nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef GRPC_TEST_CORE_SECURITY_OAUTH2_UTILS_H +#define GRPC_TEST_CORE_SECURITY_OAUTH2_UTILS_H + +#include "src/core/security/credentials.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/* Fetch oauth2 access token with a credentials object. Does not take ownership. + Returns NULL on a failure. The caller should call gpr_free on the token. */ +char *grpc_test_fetch_oauth2_token_with_credentials(grpc_credentials *creds); + +#ifdef __cplusplus +} +#endif + +#endif /* GRPC_TEST_CORE_SECURITY_OAUTH2_UTILS_H */ diff --git a/test/cpp/interop/client.cc b/test/cpp/interop/client.cc index 96149c5e75..1f1e6c1306 100644 --- a/test/cpp/interop/client.cc +++ b/test/cpp/interop/client.cc @@ -68,6 +68,7 @@ DEFINE_string(test_case, "large_unary", "service_account_creds : large_unary with service_account auth; " "compute_engine_creds: large_unary with compute engine auth; " "jwt_token_creds: large_unary with JWT token auth; " + "oauth2_auth_token: raw oauth2 access token auth; " "all : all of above."); DEFINE_string(default_service_account, "", "Email of GCE default service account"); @@ -113,6 +114,9 @@ int main(int argc, char** argv) { } else if (FLAGS_test_case == "jwt_token_creds") { grpc::string json_key = GetServiceAccountJsonKey(); client.DoJwtTokenCreds(json_key); + } else if (FLAGS_test_case == "oauth2_auth_token") { + grpc::string json_key = GetServiceAccountJsonKey(); + client.DoOauth2AuthToken(json_key, FLAGS_oauth_scope); } else if (FLAGS_test_case == "all") { client.DoEmpty(); client.DoLargeUnary(); @@ -128,6 +132,7 @@ int main(int argc, char** argv) { grpc::string json_key = GetServiceAccountJsonKey(); client.DoServiceAccountCreds(json_key, FLAGS_oauth_scope); client.DoJwtTokenCreds(json_key); + client.DoOauth2AuthToken(json_key, FLAGS_oauth_scope); } // compute_engine_creds only runs in GCE. } else { @@ -136,8 +141,8 @@ int main(int argc, char** argv) { "Unsupported test case %s. Valid options are all|empty_unary|" "large_unary|client_streaming|server_streaming|half_duplex|ping_pong|" "cancel_after_begin|cancel_after_first_response|" - "timeout_on_sleeping_server|" - "service_account_creds|compute_engine_creds|jwt_token_creds", + "timeout_on_sleeping_server|service_account_creds|compute_engine_creds|" + "jwt_token_creds|oauth2_auth_token", FLAGS_test_case.c_str()); ret = 1; } diff --git a/test/cpp/interop/client_helper.cc b/test/cpp/interop/client_helper.cc index 09fd1c8913..48b1b2e864 100644 --- a/test/cpp/interop/client_helper.cc +++ b/test/cpp/interop/client_helper.cc @@ -40,6 +40,7 @@ #include <unistd.h> #include <grpc/grpc.h> +#include <grpc/support/alloc.h> #include <grpc/support/log.h> #include <gflags/gflags.h> #include <grpc++/channel_arguments.h> @@ -47,6 +48,8 @@ #include <grpc++/create_channel.h> #include <grpc++/credentials.h> #include <grpc++/stream.h> +#include "src/cpp/client/secure_credentials.h" +#include "test/core/security/oauth2_utils.h" #include "test/cpp/util/create_test_channel.h" DECLARE_bool(enable_ssl); @@ -62,6 +65,16 @@ DECLARE_string(oauth_scope); namespace grpc { namespace testing { +namespace { +std::shared_ptr<Credentials> CreateServiceAccountCredentials() { + GPR_ASSERT(FLAGS_enable_ssl); + grpc::string json_key = GetServiceAccountJsonKey(); + std::chrono::seconds token_lifetime = std::chrono::hours(1); + return ServiceAccountCredentials(json_key, FLAGS_oauth_scope, + token_lifetime.count()); +} +} // namespace + grpc::string GetServiceAccountJsonKey() { static grpc::string json_key; if (json_key.empty()) { @@ -73,6 +86,20 @@ grpc::string GetServiceAccountJsonKey() { return json_key; } +grpc::string GetOauth2AccessToken() { + std::shared_ptr<Credentials> creds = CreateServiceAccountCredentials(); + SecureCredentials* secure_creds = + dynamic_cast<SecureCredentials*>(creds.get()); + GPR_ASSERT(secure_creds != nullptr); + grpc_credentials* c_creds = secure_creds->GetRawCreds(); + char* token = grpc_test_fetch_oauth2_token_with_credentials(c_creds); + GPR_ASSERT(token != nullptr); + gpr_log(GPR_INFO, "Get raw oauth2 access token: %s", token); + grpc::string access_token(token + sizeof("Bearer ") - 1); + gpr_free(token); + return access_token; +} + std::shared_ptr<ChannelInterface> CreateChannelForTestCase( const grpc::string& test_case) { GPR_ASSERT(FLAGS_server_port); @@ -82,12 +109,7 @@ std::shared_ptr<ChannelInterface> CreateChannelForTestCase( FLAGS_server_port); if (test_case == "service_account_creds") { - std::shared_ptr<Credentials> creds; - GPR_ASSERT(FLAGS_enable_ssl); - grpc::string json_key = GetServiceAccountJsonKey(); - std::chrono::seconds token_lifetime = std::chrono::hours(1); - creds = ServiceAccountCredentials(json_key, FLAGS_oauth_scope, - token_lifetime.count()); + std::shared_ptr<Credentials> creds = CreateServiceAccountCredentials(); return CreateTestChannel(host_port, FLAGS_server_host_override, FLAGS_enable_ssl, FLAGS_use_prod_roots, creds); } else if (test_case == "compute_engine_creds") { @@ -104,6 +126,11 @@ std::shared_ptr<ChannelInterface> CreateChannelForTestCase( creds = JWTCredentials(json_key, token_lifetime.count()); return CreateTestChannel(host_port, FLAGS_server_host_override, FLAGS_enable_ssl, FLAGS_use_prod_roots, creds); + } else if (test_case == "oauth2_auth_token") { + grpc::string raw_token = GetOauth2AccessToken(); + std::shared_ptr<Credentials> creds = AccessTokenCredentials(raw_token); + return CreateTestChannel(host_port, FLAGS_server_host_override, + FLAGS_enable_ssl, FLAGS_use_prod_roots, creds); } else { return CreateTestChannel(host_port, FLAGS_server_host_override, FLAGS_enable_ssl, FLAGS_use_prod_roots); diff --git a/test/cpp/interop/client_helper.h b/test/cpp/interop/client_helper.h index 897f974026..c4361bb9de 100644 --- a/test/cpp/interop/client_helper.h +++ b/test/cpp/interop/client_helper.h @@ -44,6 +44,8 @@ namespace testing { grpc::string GetServiceAccountJsonKey(); +grpc::string GetOauth2AccessToken(); + std::shared_ptr<ChannelInterface> CreateChannelForTestCase( const grpc::string& test_case); diff --git a/test/cpp/interop/interop_client.cc b/test/cpp/interop/interop_client.cc index d88eff759c..30056e26ab 100644 --- a/test/cpp/interop/interop_client.cc +++ b/test/cpp/interop/interop_client.cc @@ -143,6 +143,23 @@ void InteropClient::DoServiceAccountCreds(const grpc::string& username, gpr_log(GPR_INFO, "Large unary with service account creds done."); } +void InteropClient::DoOauth2AuthToken(const grpc::string& username, + const grpc::string& oauth_scope) { + gpr_log(GPR_INFO, + "Sending a large unary rpc with raw oauth2 access token ..."); + SimpleRequest request; + SimpleResponse response; + request.set_fill_username(true); + request.set_fill_oauth_scope(true); + PerformLargeUnary(&request, &response); + GPR_ASSERT(!response.username().empty()); + GPR_ASSERT(!response.oauth_scope().empty()); + GPR_ASSERT(username.find(response.username()) != grpc::string::npos); + const char* oauth_scope_str = response.oauth_scope().c_str(); + GPR_ASSERT(oauth_scope.find(oauth_scope_str) != grpc::string::npos); + gpr_log(GPR_INFO, "Large unary with oauth2 access token done."); +} + void InteropClient::DoJwtTokenCreds(const grpc::string& username) { gpr_log(GPR_INFO, "Sending a large unary rpc with JWT token credentials ..."); SimpleRequest request; diff --git a/test/cpp/interop/interop_client.h b/test/cpp/interop/interop_client.h index d02e583d94..67eecd9ccc 100644 --- a/test/cpp/interop/interop_client.h +++ b/test/cpp/interop/interop_client.h @@ -68,6 +68,9 @@ class InteropClient { // username is a string containing the user email void DoServiceAccountCreds(const grpc::string& username, const grpc::string& oauth_scope); + // username is a string containing the user email + void DoOauth2AuthToken(const grpc::string& username, + const grpc::string& oauth_scope); private: void PerformLargeUnary(SimpleRequest* request, SimpleResponse* response); |