Adding refresh token parsing

This is the first step for refresh token credentials.
10 years ago · 75516068fa
parent 75c60c1a43
commit 75516068fa
3 changed files with 164 additions and 8 deletions
--- a/src/core/security/json_token.c
+++ b/src/core/security/json_token.c
@ -52,8 +52,9 @@
 /* 1 hour max. */
 const gpr_timespec grpc_max_auth_token_lifetime = {3600, 0};

-#define GRPC_AUTH_JSON_KEY_TYPE_INVALID "invalid"
-#define GRPC_AUTH_JSON_KEY_TYPE_SERVICE_ACCOUNT "service_account"
+#define GRPC_AUTH_JSON_TYPE_INVALID "invalid"
+#define GRPC_AUTH_JSON_TYPE_SERVICE_ACCOUNT "service_account"
+#define GRPC_AUTH_JSON_TYPE_AUTHORIZED_USER "authorized_user"

 #define GRPC_JWT_RSA_SHA256_ALGORITHM "RS256"
 #define GRPC_JWT_TYPE "JWT"
@ -87,7 +88,7 @@ static int set_json_key_string_property(grpc_json *json, const char *prop_name,

 int grpc_auth_json_key_is_valid(const grpc_auth_json_key *json_key) {
  return (json_key != NULL) &&
-         strcmp(json_key->type, GRPC_AUTH_JSON_KEY_TYPE_INVALID);
+         strcmp(json_key->type, GRPC_AUTH_JSON_TYPE_INVALID);
 }

 grpc_auth_json_key grpc_auth_json_key_create_from_string(
@ -100,7 +101,7 @@ grpc_auth_json_key grpc_auth_json_key_create_from_string(
  int success = 0;

  memset(&result, 0, sizeof(grpc_auth_json_key));
-  result.type = GRPC_AUTH_JSON_KEY_TYPE_INVALID;
+  result.type = GRPC_AUTH_JSON_TYPE_INVALID;
  if (json == NULL) {
    gpr_log(GPR_ERROR, "Invalid json string %s", json_string);
    goto end;
@ -108,10 +109,10 @@ grpc_auth_json_key grpc_auth_json_key_create_from_string(

  prop_value = json_get_string_property(json, "type");
  if (prop_value == NULL ||
-      strcmp(prop_value, GRPC_AUTH_JSON_KEY_TYPE_SERVICE_ACCOUNT)) {
+      strcmp(prop_value, GRPC_AUTH_JSON_TYPE_SERVICE_ACCOUNT)) {
    goto end;
  }
-  result.type = GRPC_AUTH_JSON_KEY_TYPE_SERVICE_ACCOUNT;
+  result.type = GRPC_AUTH_JSON_TYPE_SERVICE_ACCOUNT;

  if (!set_json_key_string_property(json, "private_key_id",
                                    &result.private_key_id) ||
@ -148,7 +149,7 @@ end:

 void grpc_auth_json_key_destruct(grpc_auth_json_key *json_key) {
  if (json_key == NULL) return;
-  json_key->type = GRPC_AUTH_JSON_KEY_TYPE_INVALID;
+  json_key->type = GRPC_AUTH_JSON_TYPE_INVALID;
  if (json_key->client_id != NULL) {
    gpr_free(json_key->client_id);
    json_key->client_id = NULL;
@ -331,3 +332,67 @@ void grpc_jwt_encode_and_sign_set_override(
    grpc_jwt_encode_and_sign_override func) {
  g_jwt_encode_and_sign_override = func;
 }
+
+/* --- grpc_auth_refresh_token --- */
+
+int grpc_auth_refresh_token_is_valid(
+    const grpc_auth_refresh_token *refresh_token) {
+  return (refresh_token != NULL) &&
+         strcmp(refresh_token->type, GRPC_AUTH_JSON_TYPE_INVALID);
+}
+
+grpc_auth_refresh_token grpc_auth_refresh_token_create_from_string(
+    const char *json_string) {
+  grpc_auth_refresh_token result;
+  char *scratchpad = gpr_strdup(json_string);
+  grpc_json *json = grpc_json_parse_string(scratchpad);
+  const char *prop_value;
+  int success = 0;
+
+  memset(&result, 0, sizeof(grpc_auth_refresh_token));
+  result.type = GRPC_AUTH_JSON_TYPE_INVALID;
+  if (json == NULL) {
+    gpr_log(GPR_ERROR, "Invalid json string %s", json_string);
+    goto end;
+  }
+
+  prop_value = json_get_string_property(json, "type");
+  if (prop_value == NULL ||
+      strcmp(prop_value, GRPC_AUTH_JSON_TYPE_AUTHORIZED_USER)) {
+    goto end;
+  }
+  result.type = GRPC_AUTH_JSON_TYPE_AUTHORIZED_USER;
+
+  if (!set_json_key_string_property(json, "client_secret",
+                                    &result.client_secret) ||
+      !set_json_key_string_property(json, "client_id", &result.client_id) ||
+      !set_json_key_string_property(json, "refresh_token",
+                                    &result.refresh_token)) {
+    goto end;
+  }
+  success = 1;
+
+end:
+  if (json != NULL) grpc_json_destroy(json);
+  if (!success) grpc_auth_refresh_token_destruct(&result);
+  gpr_free(scratchpad);
+  return result;
+}
+
+void grpc_auth_refresh_token_destruct(grpc_auth_refresh_token *refresh_token) {
+  if (refresh_token == NULL) return;
+  refresh_token->type = GRPC_AUTH_JSON_TYPE_INVALID;
+  if (refresh_token->client_id != NULL) {
+    gpr_free(refresh_token->client_id);
+    refresh_token->client_id = NULL;
+  }
+  if (refresh_token->client_secret != NULL) {
+    gpr_free(refresh_token->client_secret);
+    refresh_token->client_secret = NULL;
+  }
+  if (refresh_token->refresh_token != NULL) {
+    gpr_free(refresh_token->refresh_token);
+    refresh_token->refresh_token = NULL;
+  }
+}
+
--- a/src/core/security/json_token.h
+++ b/src/core/security/json_token.h
@ -44,7 +44,7 @@
 /* --- auth_json_key parsing. --- */

 typedef struct {
-  char *type;
+  const char *type;
  char *private_key_id;
  char *client_id;
  char *client_email;
@ -79,4 +79,25 @@ typedef char *(*grpc_jwt_encode_and_sign_override)(
 void grpc_jwt_encode_and_sign_set_override(
    grpc_jwt_encode_and_sign_override func);

+/* --- auth_refresh_token parsing. --- */
+
+typedef struct {
+  const char *type;
+  char *client_id;
+  char *client_secret;
+  char *refresh_token;
+} grpc_auth_refresh_token;
+
+/* Returns 1 if the object is valid, 0 otherwise. */
+int grpc_auth_refresh_token_is_valid(
+    const grpc_auth_refresh_token *refresh_token);
+
+/* Creates a refresh token object from string. Returns an invalid object if a
+   parsing error has been encountered. */
+grpc_auth_refresh_token grpc_auth_refresh_token_create_from_string(
+    const char *json_string);
+
+/* Destructs the object. */
+void grpc_auth_refresh_token_destruct(grpc_auth_refresh_token *refresh_token);
+
 #endif  /* GRPC_INTERNAL_CORE_SECURITY_JSON_TOKEN_H */
--- a/test/core/security/json_token_test.c
+++ b/test/core/security/json_token_test.c
@ -78,6 +78,13 @@ static const char test_json_key_str_part3[] =
    "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent."
    "com\", \"type\": \"service_account\" }";

+/* Test refresh token. */
+static const char test_refresh_token_str[] =
+    "{ \"client_id\": \"32555999999.apps.googleusercontent.com\","
+    "  \"client_secret\": \"EmssLNjJy1332hD4KFsecret\","
+    "  \"refresh_token\": \"1/Blahblasj424jladJDSGNf-u4Sua3HDA2ngjd42\","
+    "  \"type\": \"authorized_user\"}";
+
 static const char test_scope[] = "myperm1 myperm2";

 static const char test_service_url[] = "https://foo.com/foo.v1";
@ -419,6 +426,64 @@ static void test_jwt_creds_jwt_encode_and_sign(void) {
                           jwt_creds_check_jwt_claim);
 }

+static void test_parse_refresh_token_success(void) {
+  grpc_auth_refresh_token refresh_token =
+      grpc_auth_refresh_token_create_from_string(test_refresh_token_str);
+  GPR_ASSERT(grpc_auth_refresh_token_is_valid(&refresh_token));
+  GPR_ASSERT(refresh_token.type != NULL &&
+             !(strcmp(refresh_token.type, "authorized_user")));
+  GPR_ASSERT(refresh_token.client_id != NULL &&
+             !(strcmp(refresh_token.client_id,
+                      "32555999999.apps.googleusercontent.com")));
+  GPR_ASSERT(
+      refresh_token.client_secret != NULL &&
+      !(strcmp(refresh_token.client_secret, "EmssLNjJy1332hD4KFsecret")));
+  GPR_ASSERT(refresh_token.refresh_token != NULL &&
+             !(strcmp(refresh_token.refresh_token,
+                      "1/Blahblasj424jladJDSGNf-u4Sua3HDA2ngjd42")));
+  grpc_auth_refresh_token_destruct(&refresh_token);
+}
+
+static void test_parse_refresh_token_failure_no_type(void) {
+  const char refresh_token_str[] =
+      "{ \"client_id\": \"32555999999.apps.googleusercontent.com\","
+      "  \"client_secret\": \"EmssLNjJy1332hD4KFsecret\","
+      "  \"refresh_token\": \"1/Blahblasj424jladJDSGNf-u4Sua3HDA2ngjd42\"}";
+  grpc_auth_refresh_token refresh_token =
+      grpc_auth_refresh_token_create_from_string(refresh_token_str);
+  GPR_ASSERT(!grpc_auth_refresh_token_is_valid(&refresh_token));
+}
+
+static void test_parse_refresh_token_failure_no_client_id(void) {
+  const char refresh_token_str[] =
+      "{ \"client_secret\": \"EmssLNjJy1332hD4KFsecret\","
+      "  \"refresh_token\": \"1/Blahblasj424jladJDSGNf-u4Sua3HDA2ngjd42\","
+      "  \"type\": \"authorized_user\"}";
+  grpc_auth_refresh_token refresh_token =
+      grpc_auth_refresh_token_create_from_string(refresh_token_str);
+  GPR_ASSERT(!grpc_auth_refresh_token_is_valid(&refresh_token));
+}
+
+static void test_parse_refresh_token_failure_no_client_secret(void) {
+  const char refresh_token_str[] =
+      "{ \"client_id\": \"32555999999.apps.googleusercontent.com\","
+      "  \"refresh_token\": \"1/Blahblasj424jladJDSGNf-u4Sua3HDA2ngjd42\","
+      "  \"type\": \"authorized_user\"}";
+  grpc_auth_refresh_token refresh_token =
+      grpc_auth_refresh_token_create_from_string(refresh_token_str);
+  GPR_ASSERT(!grpc_auth_refresh_token_is_valid(&refresh_token));
+}
+
+static void test_parse_refresh_token_failure_no_refresh_token(void) {
+  const char refresh_token_str[] =
+      "{ \"client_id\": \"32555999999.apps.googleusercontent.com\","
+      "  \"client_secret\": \"EmssLNjJy1332hD4KFsecret\","
+      "  \"type\": \"authorized_user\"}";
+  grpc_auth_refresh_token refresh_token =
+      grpc_auth_refresh_token_create_from_string(refresh_token_str);
+  GPR_ASSERT(!grpc_auth_refresh_token_is_valid(&refresh_token));
+}
+
 int main(int argc, char **argv) {
  grpc_test_init(argc, argv);
  test_parse_json_key_success();
@ -430,5 +495,10 @@ int main(int argc, char **argv) {
  test_parse_json_key_failure_no_private_key();
  test_service_account_creds_jwt_encode_and_sign();
  test_jwt_creds_jwt_encode_and_sign();
+  test_parse_refresh_token_success();
+  test_parse_refresh_token_failure_no_type();
+  test_parse_refresh_token_failure_no_client_id();
+  test_parse_refresh_token_failure_no_client_secret();
+  test_parse_refresh_token_failure_no_refresh_token();
  return 0;
 }