From 9fdc46aa0849428768635dbc9f3485d51c9afd48 Mon Sep 17 00:00:00 2001 From: Jan Tattermusch Date: Tue, 4 Jun 2019 07:22:24 -0400 Subject: [PATCH 1/2] php interop client: construct channel target like other languages do --- src/php/tests/interop/interop_client.php | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/src/php/tests/interop/interop_client.php b/src/php/tests/interop/interop_client.php index 19cbf21bc2b..e4750475dc5 100755 --- a/src/php/tests/interop/interop_client.php +++ b/src/php/tests/interop/interop_client.php @@ -530,12 +530,7 @@ function _makeStub($args) throw new Exception('Missing argument: --test_case is required'); } - if ($args['server_port'] === '443') { - $server_address = $args['server_host']; - } else { - $server_address = $args['server_host'].':'.$args['server_port']; - } - + $server_address = $args['server_host'].':'.$args['server_port']; $test_case = $args['test_case']; $host_override = ''; From 15cae38cbd38f06846c15df437a901fe70662a37 Mon Sep 17 00:00:00 2001 From: Jan Tattermusch Date: Tue, 4 Jun 2019 10:27:59 -0400 Subject: [PATCH 2/2] remove port suffix from JWT audience --- src/php/lib/Grpc/BaseStub.php | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/php/lib/Grpc/BaseStub.php b/src/php/lib/Grpc/BaseStub.php index fe81e377610..1d2c30341dd 100644 --- a/src/php/lib/Grpc/BaseStub.php +++ b/src/php/lib/Grpc/BaseStub.php @@ -199,6 +199,13 @@ class BaseStub */ private function _get_jwt_aud_uri($method) { + // TODO(jtattermusch): This is not the correct implementation + // of extracting JWT "aud" claim. We should rely on + // grpc_metadata_credentials_plugin which + // also provides the correct value of "aud" claim + // in the grpc_auth_metadata_context.service_url field. + // Trying to do the construction of "aud" field ourselves + // is bad. $last_slash_idx = strrpos($method, '/'); if ($last_slash_idx === false) { throw new \InvalidArgumentException( @@ -213,6 +220,12 @@ class BaseStub $hostname = $this->hostname; } + // Remove the port if it is 443 + // See https://github.com/grpc/grpc/blob/07c9f7a36b2a0d34fcffebc85649cf3b8c339b5d/src/core/lib/security/transport/client_auth_filter.cc#L205 + if ((strlen($hostname) > 4) && (substr($hostname, -4) === ":443")) { + $hostname = substr($hostname, 0, -4); + } + return 'https://'.$hostname.$service_name; }