Line data Source code
1 : /*
2 : *
3 : * Copyright 2015, Google Inc.
4 : * All rights reserved.
5 : *
6 : * Redistribution and use in source and binary forms, with or without
7 : * modification, are permitted provided that the following conditions are
8 : * met:
9 : *
10 : * * Redistributions of source code must retain the above copyright
11 : * notice, this list of conditions and the following disclaimer.
12 : * * Redistributions in binary form must reproduce the above
13 : * copyright notice, this list of conditions and the following disclaimer
14 : * in the documentation and/or other materials provided with the
15 : * distribution.
16 : * * Neither the name of Google Inc. nor the names of its
17 : * contributors may be used to endorse or promote products derived from
18 : * this software without specific prior written permission.
19 : *
20 : * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 : * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 : * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
23 : * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
24 : * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25 : * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26 : * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27 : * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28 : * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29 : * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30 : * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 : *
32 : */
33 :
34 : #include "src/core/security/json_token.h"
35 :
36 : #include <string.h>
37 :
38 : #include "src/core/security/base64.h"
39 : #include <grpc/grpc_security.h>
40 : #include <grpc/support/alloc.h>
41 : #include <grpc/support/log.h>
42 : #include <grpc/support/slice.h>
43 : #include "test/core/util/test_config.h"
44 : #include "src/core/json/json.h"
45 : #include <openssl/evp.h>
46 :
47 : /* This JSON key was generated with the GCE console and revoked immediately.
48 : The identifiers have been changed as well.
49 : Maximum size for a string literal is 509 chars in C89, yay! */
50 : static const char test_json_key_str_part1[] =
51 : "{ \"private_key\": \"-----BEGIN PRIVATE KEY-----"
52 : "\\nMIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAOEvJsnoHnyHkXcp\\n7mJE"
53 : "qg"
54 : "WGjiw71NfXByguekSKho65FxaGbsnSM9SMQAqVk7Q2rG+I0OpsT0LrWQtZ\\nyjSeg/"
55 : "rWBQvS4hle4LfijkP3J5BG+"
56 : "IXDMP8RfziNRQsenAXDNPkY4kJCvKux2xdD\\nOnVF6N7dL3nTYZg+"
57 : "uQrNsMTz9UxVAgMBAAECgYEAzbLewe1xe9vy+2GoSsfib+28\\nDZgSE6Bu/"
58 : "zuFoPrRc6qL9p2SsnV7txrunTyJkkOnPLND9ABAXybRTlcVKP/sGgza\\n/"
59 : "8HpCqFYM9V8f34SBWfD4fRFT+n/"
60 : "73cfRUtGXdXpseva2lh8RilIQfPhNZAncenU\\ngqXjDvpkypEusgXAykECQQD+";
61 : static const char test_json_key_str_part2[] =
62 : "53XxNVnxBHsYb+AYEfklR96yVi8HywjVHP34+OQZ\\nCslxoHQM8s+"
63 : "dBnjfScLu22JqkPv04xyxmt0QAKm9+vTdAkEA4ib7YvEAn2jXzcCI\\nEkoy2L/"
64 : "XydR1GCHoacdfdAwiL2npOdnbvi4ZmdYRPY1LSTO058tQHKVXV7NLeCa3\\nAARh2QJBAMKeDA"
65 : "G"
66 : "W303SQv2cZTdbeaLKJbB5drz3eo3j7dDKjrTD9JupixFbzcGw\\n8FZi5c8idxiwC36kbAL6Hz"
67 : "A"
68 : "ZoX+ofI0CQE6KCzPJTtYNqyShgKAZdJ8hwOcvCZtf\\n6z8RJm0+"
69 : "6YBd38lfh5j8mZd7aHFf6I17j5AQY7oPEc47TjJj/"
70 : "5nZ68ECQQDvYuI3\\nLyK5fS8g0SYbmPOL9TlcHDOqwG0mrX9qpg5DC2fniXNSrrZ64GTDKdzZ"
71 : "Y"
72 : "Ap6LI9W\\nIqv4vr6y38N79TTC\\n-----END PRIVATE KEY-----\\n\", ";
73 : static const char test_json_key_str_part3[] =
74 : "\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", "
75 : "\"client_email\": "
76 : "\"777-abaslkan11hlb6nmim3bpspl31ud@developer.gserviceaccount."
77 : "com\", \"client_id\": "
78 : "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent."
79 : "com\", \"type\": \"service_account\" }";
80 :
81 : /* Test refresh token. */
82 : static const char test_refresh_token_str[] =
83 : "{ \"client_id\": \"32555999999.apps.googleusercontent.com\","
84 : " \"client_secret\": \"EmssLNjJy1332hD4KFsecret\","
85 : " \"refresh_token\": \"1/Blahblasj424jladJDSGNf-u4Sua3HDA2ngjd42\","
86 : " \"type\": \"authorized_user\"}";
87 :
88 : static const char test_scope[] = "myperm1 myperm2";
89 :
90 : static const char test_service_url[] = "https://foo.com/foo.v1";
91 :
92 8 : static char *test_json_key_str(const char *bad_part3) {
93 8 : const char *part3 = bad_part3 != NULL ? bad_part3 : test_json_key_str_part3;
94 8 : size_t result_len = strlen(test_json_key_str_part1) +
95 8 : strlen(test_json_key_str_part2) + strlen(part3);
96 8 : char *result = gpr_malloc(result_len + 1);
97 8 : char *current = result;
98 8 : strcpy(result, test_json_key_str_part1);
99 8 : current += strlen(test_json_key_str_part1);
100 8 : strcpy(current, test_json_key_str_part2);
101 8 : current += strlen(test_json_key_str_part2);
102 8 : strcpy(current, part3);
103 8 : return result;
104 : }
105 :
106 1 : static void test_parse_json_key_success(void) {
107 1 : char *json_string = test_json_key_str(NULL);
108 1 : grpc_auth_json_key json_key =
109 : grpc_auth_json_key_create_from_string(json_string);
110 1 : GPR_ASSERT(grpc_auth_json_key_is_valid(&json_key));
111 1 : GPR_ASSERT(json_key.type != NULL &&
112 : strcmp(json_key.type, "service_account") == 0);
113 1 : GPR_ASSERT(json_key.private_key_id != NULL &&
114 : strcmp(json_key.private_key_id,
115 : "e6b5137873db8d2ef81e06a47289e6434ec8a165") == 0);
116 1 : GPR_ASSERT(json_key.client_id != NULL &&
117 : strcmp(json_key.client_id,
118 : "777-abaslkan11hlb6nmim3bpspl31ud.apps."
119 : "googleusercontent.com") == 0);
120 1 : GPR_ASSERT(json_key.client_email != NULL &&
121 : strcmp(json_key.client_email,
122 : "777-abaslkan11hlb6nmim3bpspl31ud@developer."
123 : "gserviceaccount.com") == 0);
124 1 : GPR_ASSERT(json_key.private_key != NULL);
125 1 : gpr_free(json_string);
126 1 : grpc_auth_json_key_destruct(&json_key);
127 1 : }
128 :
129 1 : static void test_parse_json_key_failure_bad_json(void) {
130 1 : const char non_closing_part3[] =
131 : "\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", "
132 : "\"client_email\": "
133 : "\"777-abaslkan11hlb6nmim3bpspl31ud@developer.gserviceaccount."
134 : "com\", \"client_id\": "
135 : "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent."
136 : "com\", \"type\": \"service_account\" ";
137 1 : char *json_string = test_json_key_str(non_closing_part3);
138 1 : grpc_auth_json_key json_key =
139 : grpc_auth_json_key_create_from_string(json_string);
140 1 : GPR_ASSERT(!grpc_auth_json_key_is_valid(&json_key));
141 1 : gpr_free(json_string);
142 1 : grpc_auth_json_key_destruct(&json_key);
143 1 : }
144 :
145 1 : static void test_parse_json_key_failure_no_type(void) {
146 1 : const char no_type_part3[] =
147 : "\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", "
148 : "\"client_email\": "
149 : "\"777-abaslkan11hlb6nmim3bpspl31ud@developer.gserviceaccount."
150 : "com\", \"client_id\": "
151 : "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent."
152 : "com\" }";
153 1 : char *json_string = test_json_key_str(no_type_part3);
154 1 : grpc_auth_json_key json_key =
155 : grpc_auth_json_key_create_from_string(json_string);
156 1 : GPR_ASSERT(!grpc_auth_json_key_is_valid(&json_key));
157 1 : gpr_free(json_string);
158 1 : grpc_auth_json_key_destruct(&json_key);
159 1 : }
160 :
161 1 : static void test_parse_json_key_failure_no_client_id(void) {
162 1 : const char no_client_id_part3[] =
163 : "\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", "
164 : "\"client_email\": "
165 : "\"777-abaslkan11hlb6nmim3bpspl31ud@developer.gserviceaccount."
166 : "com\", "
167 : "\"type\": \"service_account\" }";
168 1 : char *json_string = test_json_key_str(no_client_id_part3);
169 1 : grpc_auth_json_key json_key =
170 : grpc_auth_json_key_create_from_string(json_string);
171 1 : GPR_ASSERT(!grpc_auth_json_key_is_valid(&json_key));
172 1 : gpr_free(json_string);
173 1 : grpc_auth_json_key_destruct(&json_key);
174 1 : }
175 :
176 1 : static void test_parse_json_key_failure_no_client_email(void) {
177 1 : const char no_client_email_part3[] =
178 : "\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", "
179 : "\"client_id\": "
180 : "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent."
181 : "com\", \"type\": \"service_account\" }";
182 1 : char *json_string = test_json_key_str(no_client_email_part3);
183 1 : grpc_auth_json_key json_key =
184 : grpc_auth_json_key_create_from_string(json_string);
185 1 : GPR_ASSERT(!grpc_auth_json_key_is_valid(&json_key));
186 1 : gpr_free(json_string);
187 1 : grpc_auth_json_key_destruct(&json_key);
188 1 : }
189 :
190 1 : static void test_parse_json_key_failure_no_private_key_id(void) {
191 1 : const char no_private_key_id_part3[] =
192 : "\"client_email\": "
193 : "\"777-abaslkan11hlb6nmim3bpspl31ud@developer.gserviceaccount."
194 : "com\", \"client_id\": "
195 : "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent."
196 : "com\", \"type\": \"service_account\" }";
197 1 : char *json_string = test_json_key_str(no_private_key_id_part3);
198 1 : grpc_auth_json_key json_key =
199 : grpc_auth_json_key_create_from_string(json_string);
200 1 : GPR_ASSERT(!grpc_auth_json_key_is_valid(&json_key));
201 1 : gpr_free(json_string);
202 1 : grpc_auth_json_key_destruct(&json_key);
203 1 : }
204 :
205 1 : static void test_parse_json_key_failure_no_private_key(void) {
206 1 : const char no_private_key_json_string[] =
207 : "{ \"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", "
208 : "\"client_email\": "
209 : "\"777-abaslkan11hlb6nmim3bpspl31ud@developer.gserviceaccount."
210 : "com\", \"client_id\": "
211 : "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent."
212 : "com\", \"type\": \"service_account\" }";
213 1 : grpc_auth_json_key json_key =
214 : grpc_auth_json_key_create_from_string(no_private_key_json_string);
215 1 : GPR_ASSERT(!grpc_auth_json_key_is_valid(&json_key));
216 1 : grpc_auth_json_key_destruct(&json_key);
217 1 : }
218 :
219 4 : static grpc_json *parse_json_part_from_jwt(const char *str, size_t len,
220 : char **scratchpad) {
221 : char *b64;
222 : char *decoded;
223 : grpc_json *json;
224 : gpr_slice slice;
225 4 : b64 = gpr_malloc(len + 1);
226 4 : strncpy(b64, str, len);
227 4 : b64[len] = '\0';
228 4 : slice = grpc_base64_decode(b64, 1);
229 4 : GPR_ASSERT(!GPR_SLICE_IS_EMPTY(slice));
230 4 : decoded = gpr_malloc(GPR_SLICE_LENGTH(slice) + 1);
231 4 : strncpy(decoded, (const char *)GPR_SLICE_START_PTR(slice),
232 4 : GPR_SLICE_LENGTH(slice));
233 4 : decoded[GPR_SLICE_LENGTH(slice)] = '\0';
234 4 : json = grpc_json_parse_string(decoded);
235 4 : gpr_free(b64);
236 4 : *scratchpad = decoded;
237 4 : gpr_slice_unref(slice);
238 4 : return json;
239 : }
240 :
241 2 : static void check_jwt_header(grpc_json *header) {
242 : grpc_json *ptr;
243 2 : grpc_json *alg = NULL;
244 2 : grpc_json *typ = NULL;
245 2 : grpc_json *kid = NULL;
246 :
247 8 : for (ptr = header->child; ptr; ptr = ptr->next) {
248 6 : if (strcmp(ptr->key, "alg") == 0) {
249 2 : alg = ptr;
250 4 : } else if (strcmp(ptr->key, "typ") == 0) {
251 2 : typ = ptr;
252 2 : } else if (strcmp(ptr->key, "kid") == 0) {
253 2 : kid = ptr;
254 : }
255 : }
256 2 : GPR_ASSERT(alg != NULL);
257 2 : GPR_ASSERT(alg->type == GRPC_JSON_STRING);
258 2 : GPR_ASSERT(strcmp(alg->value, "RS256") == 0);
259 :
260 2 : GPR_ASSERT(typ != NULL);
261 2 : GPR_ASSERT(typ->type == GRPC_JSON_STRING);
262 2 : GPR_ASSERT(strcmp(typ->value, "JWT") == 0);
263 :
264 2 : GPR_ASSERT(kid != NULL);
265 2 : GPR_ASSERT(kid->type == GRPC_JSON_STRING);
266 2 : GPR_ASSERT(strcmp(kid->value, "e6b5137873db8d2ef81e06a47289e6434ec8a165") ==
267 : 0);
268 2 : }
269 :
270 2 : static void check_jwt_claim(grpc_json *claim, const char *expected_audience,
271 : const char *expected_scope) {
272 2 : gpr_timespec expiration = gpr_time_0(GPR_CLOCK_REALTIME);
273 2 : gpr_timespec issue_time = gpr_time_0(GPR_CLOCK_REALTIME);
274 : gpr_timespec parsed_lifetime;
275 2 : grpc_json *iss = NULL;
276 2 : grpc_json *scope = NULL;
277 2 : grpc_json *aud = NULL;
278 2 : grpc_json *exp = NULL;
279 2 : grpc_json *iat = NULL;
280 2 : grpc_json *sub = NULL;
281 : grpc_json *ptr;
282 :
283 12 : for (ptr = claim->child; ptr; ptr = ptr->next) {
284 10 : if (strcmp(ptr->key, "iss") == 0) {
285 2 : iss = ptr;
286 8 : } else if (strcmp(ptr->key, "sub") == 0) {
287 1 : sub = ptr;
288 7 : } else if (strcmp(ptr->key, "scope") == 0) {
289 1 : scope = ptr;
290 6 : } else if (strcmp(ptr->key, "aud") == 0) {
291 2 : aud = ptr;
292 4 : } else if (strcmp(ptr->key, "exp") == 0) {
293 2 : exp = ptr;
294 2 : } else if (strcmp(ptr->key, "iat") == 0) {
295 2 : iat = ptr;
296 : }
297 : }
298 :
299 2 : GPR_ASSERT(iss != NULL);
300 2 : GPR_ASSERT(iss->type == GRPC_JSON_STRING);
301 2 : GPR_ASSERT(
302 : strcmp(
303 : iss->value,
304 : "777-abaslkan11hlb6nmim3bpspl31ud@developer.gserviceaccount.com") ==
305 : 0);
306 :
307 2 : if (expected_scope != NULL) {
308 1 : GPR_ASSERT(scope != NULL);
309 1 : GPR_ASSERT(sub == NULL);
310 1 : GPR_ASSERT(scope->type == GRPC_JSON_STRING);
311 1 : GPR_ASSERT(strcmp(scope->value, expected_scope) == 0);
312 : } else {
313 : /* Claims without scope must have a sub. */
314 1 : GPR_ASSERT(scope == NULL);
315 1 : GPR_ASSERT(sub != NULL);
316 1 : GPR_ASSERT(sub->type == GRPC_JSON_STRING);
317 1 : GPR_ASSERT(strcmp(iss->value, sub->value) == 0);
318 : }
319 :
320 2 : GPR_ASSERT(aud != NULL);
321 2 : GPR_ASSERT(aud->type == GRPC_JSON_STRING);
322 2 : GPR_ASSERT(strcmp(aud->value, expected_audience) == 0);
323 :
324 2 : GPR_ASSERT(exp != NULL);
325 2 : GPR_ASSERT(exp->type == GRPC_JSON_NUMBER);
326 2 : expiration.tv_sec = strtol(exp->value, NULL, 10);
327 :
328 2 : GPR_ASSERT(iat != NULL);
329 2 : GPR_ASSERT(iat->type == GRPC_JSON_NUMBER);
330 2 : issue_time.tv_sec = strtol(iat->value, NULL, 10);
331 :
332 2 : parsed_lifetime = gpr_time_sub(expiration, issue_time);
333 2 : GPR_ASSERT(parsed_lifetime.tv_sec == grpc_max_auth_token_lifetime.tv_sec);
334 2 : }
335 :
336 2 : static void check_jwt_signature(const char *b64_signature, RSA *rsa_key,
337 : const char *signed_data,
338 : size_t signed_data_size) {
339 2 : EVP_MD_CTX *md_ctx = EVP_MD_CTX_create();
340 2 : EVP_PKEY *key = EVP_PKEY_new();
341 :
342 2 : gpr_slice sig = grpc_base64_decode(b64_signature, 1);
343 2 : GPR_ASSERT(!GPR_SLICE_IS_EMPTY(sig));
344 2 : GPR_ASSERT(GPR_SLICE_LENGTH(sig) == 128);
345 :
346 2 : GPR_ASSERT(md_ctx != NULL);
347 2 : GPR_ASSERT(key != NULL);
348 2 : EVP_PKEY_set1_RSA(key, rsa_key);
349 :
350 2 : GPR_ASSERT(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, key) == 1);
351 2 : GPR_ASSERT(EVP_DigestVerifyUpdate(md_ctx, signed_data, signed_data_size) ==
352 : 1);
353 2 : GPR_ASSERT(EVP_DigestVerifyFinal(md_ctx, GPR_SLICE_START_PTR(sig),
354 : GPR_SLICE_LENGTH(sig)) == 1);
355 :
356 2 : gpr_slice_unref(sig);
357 2 : if (key != NULL) EVP_PKEY_free(key);
358 2 : if (md_ctx != NULL) EVP_MD_CTX_destroy(md_ctx);
359 2 : }
360 :
361 1 : static char *service_account_creds_jwt_encode_and_sign(
362 : const grpc_auth_json_key *key) {
363 1 : return grpc_jwt_encode_and_sign(key, GRPC_JWT_OAUTH2_AUDIENCE,
364 : grpc_max_auth_token_lifetime, test_scope);
365 : }
366 :
367 1 : static char *jwt_creds_jwt_encode_and_sign(const grpc_auth_json_key *key) {
368 1 : return grpc_jwt_encode_and_sign(key, test_service_url,
369 : grpc_max_auth_token_lifetime, NULL);
370 : }
371 :
372 1 : static void service_account_creds_check_jwt_claim(grpc_json *claim) {
373 1 : check_jwt_claim(claim, GRPC_JWT_OAUTH2_AUDIENCE, test_scope);
374 1 : }
375 :
376 1 : static void jwt_creds_check_jwt_claim(grpc_json *claim) {
377 1 : check_jwt_claim(claim, test_service_url, NULL);
378 1 : }
379 :
380 2 : static void test_jwt_encode_and_sign(
381 : char *(*jwt_encode_and_sign_func)(const grpc_auth_json_key *),
382 : void (*check_jwt_claim_func)(grpc_json *)) {
383 2 : char *json_string = test_json_key_str(NULL);
384 2 : grpc_json *parsed_header = NULL;
385 2 : grpc_json *parsed_claim = NULL;
386 : char *scratchpad;
387 2 : grpc_auth_json_key json_key =
388 : grpc_auth_json_key_create_from_string(json_string);
389 : const char *b64_signature;
390 2 : size_t offset = 0;
391 2 : char *jwt = jwt_encode_and_sign_func(&json_key);
392 2 : const char *dot = strchr(jwt, '.');
393 2 : GPR_ASSERT(dot != NULL);
394 2 : parsed_header =
395 2 : parse_json_part_from_jwt(jwt, (size_t)(dot - jwt), &scratchpad);
396 2 : GPR_ASSERT(parsed_header != NULL);
397 2 : check_jwt_header(parsed_header);
398 2 : offset = (size_t)(dot - jwt) + 1;
399 2 : grpc_json_destroy(parsed_header);
400 2 : gpr_free(scratchpad);
401 :
402 2 : dot = strchr(jwt + offset, '.');
403 2 : GPR_ASSERT(dot != NULL);
404 2 : parsed_claim = parse_json_part_from_jwt(
405 2 : jwt + offset, (size_t)(dot - (jwt + offset)), &scratchpad);
406 2 : GPR_ASSERT(parsed_claim != NULL);
407 2 : check_jwt_claim_func(parsed_claim);
408 2 : offset = (size_t)(dot - jwt) + 1;
409 2 : grpc_json_destroy(parsed_claim);
410 2 : gpr_free(scratchpad);
411 :
412 2 : dot = strchr(jwt + offset, '.');
413 2 : GPR_ASSERT(dot == NULL); /* no more part. */
414 2 : b64_signature = jwt + offset;
415 2 : check_jwt_signature(b64_signature, json_key.private_key, jwt, offset - 1);
416 :
417 2 : gpr_free(json_string);
418 2 : grpc_auth_json_key_destruct(&json_key);
419 2 : gpr_free(jwt);
420 2 : }
421 :
422 1 : static void test_service_account_creds_jwt_encode_and_sign(void) {
423 1 : test_jwt_encode_and_sign(service_account_creds_jwt_encode_and_sign,
424 : service_account_creds_check_jwt_claim);
425 1 : }
426 :
427 1 : static void test_jwt_creds_jwt_encode_and_sign(void) {
428 1 : test_jwt_encode_and_sign(jwt_creds_jwt_encode_and_sign,
429 : jwt_creds_check_jwt_claim);
430 1 : }
431 :
432 1 : static void test_parse_refresh_token_success(void) {
433 1 : grpc_auth_refresh_token refresh_token =
434 : grpc_auth_refresh_token_create_from_string(test_refresh_token_str);
435 1 : GPR_ASSERT(grpc_auth_refresh_token_is_valid(&refresh_token));
436 1 : GPR_ASSERT(refresh_token.type != NULL &&
437 : (strcmp(refresh_token.type, "authorized_user") == 0));
438 1 : GPR_ASSERT(refresh_token.client_id != NULL &&
439 : (strcmp(refresh_token.client_id,
440 : "32555999999.apps.googleusercontent.com") == 0));
441 1 : GPR_ASSERT(
442 : refresh_token.client_secret != NULL &&
443 : (strcmp(refresh_token.client_secret, "EmssLNjJy1332hD4KFsecret") == 0));
444 1 : GPR_ASSERT(refresh_token.refresh_token != NULL &&
445 : (strcmp(refresh_token.refresh_token,
446 : "1/Blahblasj424jladJDSGNf-u4Sua3HDA2ngjd42") == 0));
447 1 : grpc_auth_refresh_token_destruct(&refresh_token);
448 1 : }
449 :
450 1 : static void test_parse_refresh_token_failure_no_type(void) {
451 1 : const char refresh_token_str[] =
452 : "{ \"client_id\": \"32555999999.apps.googleusercontent.com\","
453 : " \"client_secret\": \"EmssLNjJy1332hD4KFsecret\","
454 : " \"refresh_token\": \"1/Blahblasj424jladJDSGNf-u4Sua3HDA2ngjd42\"}";
455 1 : grpc_auth_refresh_token refresh_token =
456 : grpc_auth_refresh_token_create_from_string(refresh_token_str);
457 1 : GPR_ASSERT(!grpc_auth_refresh_token_is_valid(&refresh_token));
458 1 : }
459 :
460 1 : static void test_parse_refresh_token_failure_no_client_id(void) {
461 1 : const char refresh_token_str[] =
462 : "{ \"client_secret\": \"EmssLNjJy1332hD4KFsecret\","
463 : " \"refresh_token\": \"1/Blahblasj424jladJDSGNf-u4Sua3HDA2ngjd42\","
464 : " \"type\": \"authorized_user\"}";
465 1 : grpc_auth_refresh_token refresh_token =
466 : grpc_auth_refresh_token_create_from_string(refresh_token_str);
467 1 : GPR_ASSERT(!grpc_auth_refresh_token_is_valid(&refresh_token));
468 1 : }
469 :
470 1 : static void test_parse_refresh_token_failure_no_client_secret(void) {
471 1 : const char refresh_token_str[] =
472 : "{ \"client_id\": \"32555999999.apps.googleusercontent.com\","
473 : " \"refresh_token\": \"1/Blahblasj424jladJDSGNf-u4Sua3HDA2ngjd42\","
474 : " \"type\": \"authorized_user\"}";
475 1 : grpc_auth_refresh_token refresh_token =
476 : grpc_auth_refresh_token_create_from_string(refresh_token_str);
477 1 : GPR_ASSERT(!grpc_auth_refresh_token_is_valid(&refresh_token));
478 1 : }
479 :
480 1 : static void test_parse_refresh_token_failure_no_refresh_token(void) {
481 1 : const char refresh_token_str[] =
482 : "{ \"client_id\": \"32555999999.apps.googleusercontent.com\","
483 : " \"client_secret\": \"EmssLNjJy1332hD4KFsecret\","
484 : " \"type\": \"authorized_user\"}";
485 1 : grpc_auth_refresh_token refresh_token =
486 : grpc_auth_refresh_token_create_from_string(refresh_token_str);
487 1 : GPR_ASSERT(!grpc_auth_refresh_token_is_valid(&refresh_token));
488 1 : }
489 :
490 1 : int main(int argc, char **argv) {
491 1 : grpc_test_init(argc, argv);
492 1 : test_parse_json_key_success();
493 1 : test_parse_json_key_failure_bad_json();
494 1 : test_parse_json_key_failure_no_type();
495 1 : test_parse_json_key_failure_no_client_id();
496 1 : test_parse_json_key_failure_no_client_email();
497 1 : test_parse_json_key_failure_no_private_key_id();
498 1 : test_parse_json_key_failure_no_private_key();
499 1 : test_service_account_creds_jwt_encode_and_sign();
500 1 : test_jwt_creds_jwt_encode_and_sign();
501 1 : test_parse_refresh_token_success();
502 1 : test_parse_refresh_token_failure_no_type();
503 1 : test_parse_refresh_token_failure_no_client_id();
504 1 : test_parse_refresh_token_failure_no_client_secret();
505 1 : test_parse_refresh_token_failure_no_refresh_token();
506 1 : return 0;
507 : }
|