Fix jwt_verifier_test

pull/6897/head
Craig Tiller 9 years ago
parent be0d7fe60d
commit 65279fe4e3
  1. 18
      src/core/lib/security/credentials/jwt/jwt_verifier.c
  2. 14
      test/core/security/jwt_verifier_test.c

@ -44,6 +44,7 @@
#include <grpc/support/log.h> #include <grpc/support/log.h>
#include <grpc/support/string_util.h> #include <grpc/support/string_util.h>
#include <grpc/support/sync.h> #include <grpc/support/sync.h>
#include <grpc/support/useful.h>
#include <openssl/pem.h> #include <openssl/pem.h>
/* --- Utils. --- */ /* --- Utils. --- */
@ -329,7 +330,7 @@ typedef struct {
gpr_slice signed_data; gpr_slice signed_data;
void *user_data; void *user_data;
grpc_jwt_verification_done_cb user_cb; grpc_jwt_verification_done_cb user_cb;
grpc_http_response response; grpc_http_response responses[2];
} verifier_cb_ctx; } verifier_cb_ctx;
/* Takes ownership of the header, claims and signature. */ /* Takes ownership of the header, claims and signature. */
@ -358,6 +359,9 @@ void verifier_cb_ctx_destroy(verifier_cb_ctx *ctx) {
gpr_slice_unref(ctx->signature); gpr_slice_unref(ctx->signature);
gpr_slice_unref(ctx->signed_data); gpr_slice_unref(ctx->signed_data);
jose_header_destroy(ctx->header); jose_header_destroy(ctx->header);
for (size_t i = 0; i < GPR_ARRAY_SIZE(ctx->responses); i++) {
grpc_http_response_destroy(&ctx->responses[i]);
}
/* TODO: see what to do with claims... */ /* TODO: see what to do with claims... */
gpr_free(ctx); gpr_free(ctx);
} }
@ -574,7 +578,7 @@ end:
static void on_keys_retrieved(grpc_exec_ctx *exec_ctx, void *user_data, static void on_keys_retrieved(grpc_exec_ctx *exec_ctx, void *user_data,
grpc_error *error) { grpc_error *error) {
verifier_cb_ctx *ctx = (verifier_cb_ctx *)user_data; verifier_cb_ctx *ctx = (verifier_cb_ctx *)user_data;
grpc_json *json = json_from_http(&ctx->response); grpc_json *json = json_from_http(&ctx->responses[1]);
EVP_PKEY *verification_key = NULL; EVP_PKEY *verification_key = NULL;
grpc_jwt_verifier_status status = GRPC_JWT_VERIFIER_GENERIC_ERROR; grpc_jwt_verifier_status status = GRPC_JWT_VERIFIER_GENERIC_ERROR;
grpc_jwt_claims *claims = NULL; grpc_jwt_claims *claims = NULL;
@ -616,7 +620,7 @@ static void on_openid_config_retrieved(grpc_exec_ctx *exec_ctx, void *user_data,
grpc_error *error) { grpc_error *error) {
const grpc_json *cur; const grpc_json *cur;
verifier_cb_ctx *ctx = (verifier_cb_ctx *)user_data; verifier_cb_ctx *ctx = (verifier_cb_ctx *)user_data;
const grpc_http_response *response = &ctx->response; const grpc_http_response *response = &ctx->responses[0];
grpc_json *json = json_from_http(response); grpc_json *json = json_from_http(response);
grpc_httpcli_request req; grpc_httpcli_request req;
const char *jwks_uri; const char *jwks_uri;
@ -643,10 +647,11 @@ static void on_openid_config_retrieved(grpc_exec_ctx *exec_ctx, void *user_data,
} else { } else {
*(req.host + (req.http.path - jwks_uri)) = '\0'; *(req.host + (req.http.path - jwks_uri)) = '\0';
} }
grpc_httpcli_get( grpc_httpcli_get(
exec_ctx, &ctx->verifier->http_ctx, ctx->pollset, &req, exec_ctx, &ctx->verifier->http_ctx, ctx->pollset, &req,
gpr_time_add(gpr_now(GPR_CLOCK_REALTIME), grpc_jwt_verifier_max_delay), gpr_time_add(gpr_now(GPR_CLOCK_REALTIME), grpc_jwt_verifier_max_delay),
grpc_closure_create(on_keys_retrieved, ctx), &ctx->response); grpc_closure_create(on_keys_retrieved, ctx), &ctx->responses[1]);
grpc_json_destroy(json); grpc_json_destroy(json);
gpr_free(req.host); gpr_free(req.host);
return; return;
@ -694,6 +699,7 @@ static void retrieve_key_and_verify(grpc_exec_ctx *exec_ctx,
grpc_httpcli_request req; grpc_httpcli_request req;
memset(&req, 0, sizeof(grpc_httpcli_request)); memset(&req, 0, sizeof(grpc_httpcli_request));
req.handshaker = &grpc_httpcli_ssl; req.handshaker = &grpc_httpcli_ssl;
int rsp_idx;
GPR_ASSERT(ctx != NULL && ctx->header != NULL && ctx->claims != NULL); GPR_ASSERT(ctx != NULL && ctx->header != NULL && ctx->claims != NULL);
iss = ctx->claims->iss; iss = ctx->claims->iss;
@ -733,6 +739,7 @@ static void retrieve_key_and_verify(grpc_exec_ctx *exec_ctx,
gpr_asprintf(&req.http.path, "/%s/%s", path_prefix, iss); gpr_asprintf(&req.http.path, "/%s/%s", path_prefix, iss);
} }
http_cb = grpc_closure_create(on_keys_retrieved, ctx); http_cb = grpc_closure_create(on_keys_retrieved, ctx);
rsp_idx = 1;
} else { } else {
req.host = gpr_strdup(strstr(iss, "https://") == iss ? iss + 8 : iss); req.host = gpr_strdup(strstr(iss, "https://") == iss ? iss + 8 : iss);
path_prefix = strchr(req.host, '/'); path_prefix = strchr(req.host, '/');
@ -744,12 +751,13 @@ static void retrieve_key_and_verify(grpc_exec_ctx *exec_ctx,
GRPC_OPENID_CONFIG_URL_SUFFIX); GRPC_OPENID_CONFIG_URL_SUFFIX);
} }
http_cb = grpc_closure_create(on_openid_config_retrieved, ctx); http_cb = grpc_closure_create(on_openid_config_retrieved, ctx);
rsp_idx = 0;
} }
grpc_httpcli_get( grpc_httpcli_get(
exec_ctx, &ctx->verifier->http_ctx, ctx->pollset, &req, exec_ctx, &ctx->verifier->http_ctx, ctx->pollset, &req,
gpr_time_add(gpr_now(GPR_CLOCK_REALTIME), grpc_jwt_verifier_max_delay), gpr_time_add(gpr_now(GPR_CLOCK_REALTIME), grpc_jwt_verifier_max_delay),
http_cb, &ctx->response); http_cb, &ctx->responses[rsp_idx]);
gpr_free(req.host); gpr_free(req.host);
gpr_free(req.http.path); gpr_free(req.http.path);
return; return;
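Review bot: The slot numbers in `responses[2]` are bare literals kept in sync by hand across three functions: `on_openid_config_retrieved` reads `responses[0]` and schedules the key fetch into `responses[1]`, `on_keys_retrieved` reads `responses[1]`, and `retrieve_key_and_verify` sets `rsp_idx = 1` or `rsp_idx = 0` to match the closure it just created. If a callback and its slot ever drift apart, the verifier would parse key material from the wrong response, so I would name the slots, e.g. `enum { HTTP_RESPONSE_OPENID = 0, HTTP_RESPONSE_KEYS, HTTP_RESPONSE_COUNT };`, declare `responses[HTTP_RESPONSE_COUNT]`, and use the names wherever 0 and 1 appear. Separately, the new loop in `verifier_cb_ctx_destroy` destroys both slots even on paths that never issued a request. That is only safe if the context is zero-initialised when it is created, which is outside the visible hunks and worth confirming or stating in a comment there. The bodies of all these functions extend beyond the hunks shown.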

@ -324,10 +324,10 @@ static void test_jwt_verifier_google_email_issuer_success(void) {
GPR_ASSERT(jwt != NULL); GPR_ASSERT(jwt != NULL);
grpc_jwt_verifier_verify(&exec_ctx, verifier, NULL, jwt, expected_audience, grpc_jwt_verifier_verify(&exec_ctx, verifier, NULL, jwt, expected_audience,
on_verification_success, (void *)expected_user_data); on_verification_success, (void *)expected_user_data);
grpc_exec_ctx_finish(&exec_ctx);
gpr_free(jwt); gpr_free(jwt);
grpc_jwt_verifier_destroy(verifier); grpc_jwt_verifier_destroy(verifier);
grpc_httpcli_set_override(NULL, NULL); grpc_httpcli_set_override(NULL, NULL);
grpc_exec_ctx_finish(&exec_ctx);
} }
static int httpcli_get_custom_keys_for_email( static int httpcli_get_custom_keys_for_email(
@ -358,10 +358,10 @@ static void test_jwt_verifier_custom_email_issuer_success(void) {
GPR_ASSERT(jwt != NULL); GPR_ASSERT(jwt != NULL);
grpc_jwt_verifier_verify(&exec_ctx, verifier, NULL, jwt, expected_audience, grpc_jwt_verifier_verify(&exec_ctx, verifier, NULL, jwt, expected_audience,
on_verification_success, (void *)expected_user_data); on_verification_success, (void *)expected_user_data);
grpc_exec_ctx_finish(&exec_ctx);
gpr_free(jwt); gpr_free(jwt);
grpc_jwt_verifier_destroy(verifier); grpc_jwt_verifier_destroy(verifier);
grpc_httpcli_set_override(NULL, NULL); grpc_httpcli_set_override(NULL, NULL);
grpc_exec_ctx_finish(&exec_ctx);
} }
static int httpcli_get_jwk_set(grpc_exec_ctx *exec_ctx, static int httpcli_get_jwk_set(grpc_exec_ctx *exec_ctx,
@ -407,10 +407,10 @@ static void test_jwt_verifier_url_issuer_success(void) {
GPR_ASSERT(jwt != NULL); GPR_ASSERT(jwt != NULL);
grpc_jwt_verifier_verify(&exec_ctx, verifier, NULL, jwt, expected_audience, grpc_jwt_verifier_verify(&exec_ctx, verifier, NULL, jwt, expected_audience,
on_verification_success, (void *)expected_user_data); on_verification_success, (void *)expected_user_data);
grpc_exec_ctx_finish(&exec_ctx);
gpr_free(jwt); gpr_free(jwt);
grpc_jwt_verifier_destroy(verifier); grpc_jwt_verifier_destroy(verifier);
grpc_httpcli_set_override(NULL, NULL); grpc_httpcli_set_override(NULL, NULL);
grpc_exec_ctx_finish(&exec_ctx);
} }
static void on_verification_key_retrieval_error(void *user_data, static void on_verification_key_retrieval_error(void *user_data,
@ -448,10 +448,10 @@ static void test_jwt_verifier_url_issuer_bad_config(void) {
grpc_jwt_verifier_verify(&exec_ctx, verifier, NULL, jwt, expected_audience, grpc_jwt_verifier_verify(&exec_ctx, verifier, NULL, jwt, expected_audience,
on_verification_key_retrieval_error, on_verification_key_retrieval_error,
(void *)expected_user_data); (void *)expected_user_data);
grpc_exec_ctx_finish(&exec_ctx);
gpr_free(jwt); gpr_free(jwt);
grpc_jwt_verifier_destroy(verifier); grpc_jwt_verifier_destroy(verifier);
grpc_httpcli_set_override(NULL, NULL); grpc_httpcli_set_override(NULL, NULL);
grpc_exec_ctx_finish(&exec_ctx);
} }
static void test_jwt_verifier_bad_json_key(void) { static void test_jwt_verifier_bad_json_key(void) {
@ -471,10 +471,10 @@ static void test_jwt_verifier_bad_json_key(void) {
grpc_jwt_verifier_verify(&exec_ctx, verifier, NULL, jwt, expected_audience, grpc_jwt_verifier_verify(&exec_ctx, verifier, NULL, jwt, expected_audience,
on_verification_key_retrieval_error, on_verification_key_retrieval_error,
(void *)expected_user_data); (void *)expected_user_data);
grpc_exec_ctx_finish(&exec_ctx);
gpr_free(jwt); gpr_free(jwt);
grpc_jwt_verifier_destroy(verifier); grpc_jwt_verifier_destroy(verifier);
grpc_httpcli_set_override(NULL, NULL); grpc_httpcli_set_override(NULL, NULL);
grpc_exec_ctx_finish(&exec_ctx);
} }
static void corrupt_jwt_sig(char *jwt) { static void corrupt_jwt_sig(char *jwt) {
@ -520,10 +520,10 @@ static void test_jwt_verifier_bad_signature(void) {
grpc_jwt_verifier_verify(&exec_ctx, verifier, NULL, jwt, expected_audience, grpc_jwt_verifier_verify(&exec_ctx, verifier, NULL, jwt, expected_audience,
on_verification_bad_signature, on_verification_bad_signature,
(void *)expected_user_data); (void *)expected_user_data);
grpc_exec_ctx_finish(&exec_ctx);
gpr_free(jwt); gpr_free(jwt);
grpc_jwt_verifier_destroy(verifier); grpc_jwt_verifier_destroy(verifier);
grpc_httpcli_set_override(NULL, NULL); grpc_httpcli_set_override(NULL, NULL);
grpc_exec_ctx_finish(&exec_ctx);
} }
static int httpcli_get_should_not_be_called(grpc_exec_ctx *exec_ctx, static int httpcli_get_should_not_be_called(grpc_exec_ctx *exec_ctx,
@ -551,9 +551,9 @@ static void test_jwt_verifier_bad_format(void) {
grpc_jwt_verifier_verify(&exec_ctx, verifier, NULL, "bad jwt", grpc_jwt_verifier_verify(&exec_ctx, verifier, NULL, "bad jwt",
expected_audience, on_verification_bad_format, expected_audience, on_verification_bad_format,
(void *)expected_user_data); (void *)expected_user_data);
grpc_exec_ctx_finish(&exec_ctx);
grpc_jwt_verifier_destroy(verifier); grpc_jwt_verifier_destroy(verifier);
grpc_httpcli_set_override(NULL, NULL); grpc_httpcli_set_override(NULL, NULL);
grpc_exec_ctx_finish(&exec_ctx);
} }
/* find verification key: bad jks, cannot find key in jks */ /* find verification key: bad jks, cannot find key in jks */
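Review bot: Nothing in the visible teardown checks that the verification callback actually ran. Each test calls `grpc_jwt_verifier_verify`, flushes with `grpc_exec_ctx_finish(&exec_ctx)` and then tears down, so if the callbacks only assert on their arguments (their bodies are outside these hunks), a test such as `test_jwt_verifier_bad_signature` would pass without the rejection path ever executing. Since this commit changes where the flush sits relative to `grpc_jwt_verifier_destroy` and `grpc_httpcli_set_override(NULL, NULL)`, that ordering is exactly what could silently regress. I would have each callback set a new file-scope flag (say `g_verification_cb_called`), reset it at the start of every test, and add `GPR_ASSERT(g_verification_cb_called);` right after `grpc_exec_ctx_finish(&exec_ctx);`. This applies to all seven tests touched here, and a one-line comment on why the flush is placed where it is would also help.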
