Add oauth2_auth_token test case in interop test

Makefile

@@ -3419,6 +3419,7 @@ LIBGRPC_TEST_UTIL_SRC = \
     test/core/end2end/data/test_root_cert.c \
     test/core/end2end/cq_verifier.c \
     test/core/iomgr/endpoint_tests.c \
+    test/core/security/oauth2_utils.c \
     test/core/util/grpc_profiler.c \
     test/core/util/parse_hexstring.c \
     test/core/util/port_posix.c \
@@ -3463,6 +3464,7 @@ endif
 LIBGRPC_TEST_UTIL_UNSECURE_SRC = \
     test/core/end2end/cq_verifier.c \
     test/core/iomgr/endpoint_tests.c \
+    test/core/security/oauth2_utils.c \
     test/core/util/grpc_profiler.c \
     test/core/util/parse_hexstring.c \
     test/core/util/port_posix.c \

build.json

@@ -320,6 +320,7 @@
       "headers": [
         "test/core/end2end/cq_verifier.h",
         "test/core/iomgr/endpoint_tests.h",
+        "test/core/security/oauth2_utils.h",
         "test/core/util/grpc_profiler.h",
         "test/core/util/parse_hexstring.h",
         "test/core/util/port.h",
@@ -328,6 +329,7 @@
       "src": [
         "test/core/end2end/cq_verifier.c",
         "test/core/iomgr/endpoint_tests.c",
+        "test/core/security/oauth2_utils.c",
         "test/core/util/grpc_profiler.c",
         "test/core/util/parse_hexstring.c",
         "test/core/util/port_posix.c",

test/core/security/fetch_oauth2.c

@@ -44,35 +44,7 @@
 
 #include "src/core/security/credentials.h"
 #include "src/core/support/file.h"
-
-typedef struct {
-  grpc_pollset pollset;
-  int is_done;
-} synchronizer;
-
-static void on_oauth2_response(void *user_data,
-                               grpc_credentials_md *md_elems,
-                               size_t num_md, grpc_credentials_status status) {
-  synchronizer *sync = user_data;
-  char *token;
-  gpr_slice token_slice;
-  if (status == GRPC_CREDENTIALS_ERROR) {
-    gpr_log(GPR_ERROR, "Fetching token failed.");
-  } else {
-    GPR_ASSERT(num_md == 1);
-    token_slice = md_elems[0].value;
-    token = gpr_malloc(GPR_SLICE_LENGTH(token_slice) + 1);
-    memcpy(token, GPR_SLICE_START_PTR(token_slice),
-           GPR_SLICE_LENGTH(token_slice));
-    token[GPR_SLICE_LENGTH(token_slice)] = '\0';
-    printf("Got token: %s.\n", token);
-    gpr_free(token);
-  }
-  gpr_mu_lock(GRPC_POLLSET_MU(&sync->pollset));
-  sync->is_done = 1;
-  grpc_pollset_kick(&sync->pollset);
-  gpr_mu_unlock(GRPC_POLLSET_MU(&sync->pollset));
-}
+#include "test/core/security/oauth2_utils.h"
 
 static grpc_credentials *create_service_account_creds(
     const char *json_key_file_path, const char *scope) {
@@ -101,10 +73,10 @@ static grpc_credentials *create_refresh_token_creds(
 }
 
 int main(int argc, char **argv) {
-  synchronizer sync;
   grpc_credentials *creds = NULL;
   char *json_key_file_path = NULL;
   char *json_refresh_token_file_path = NULL;
+  char *token = NULL;
   int use_gce = 0;
   char *scope = NULL;
   gpr_cmdline *cl = gpr_cmdline_create("fetch_oauth2");
@@ -175,16 +147,11 @@ int main(int argc, char **argv) {
   }
   GPR_ASSERT(creds != NULL);
 
-  grpc_pollset_init(&sync.pollset);
-  sync.is_done = 0;
-
-  grpc_credentials_get_request_metadata(creds, &sync.pollset, "", on_oauth2_response, &sync);
-
-  gpr_mu_lock(GRPC_POLLSET_MU(&sync.pollset));
-  while (!sync.is_done) grpc_pollset_work(&sync.pollset, gpr_inf_future);
-  gpr_mu_unlock(GRPC_POLLSET_MU(&sync.pollset));
-
-  grpc_pollset_destroy(&sync.pollset);
+  token = grpc_test_fetch_oauth2_token_with_credentials(creds);
+  if (token != NULL) {
+    printf("Got token: %s.\n", token);
+    gpr_free(token);
+  }
   grpc_credentials_release(creds);
   gpr_cmdline_destroy(cl);
   grpc_shutdown();

test/core/security/oauth2_utils.c

@@ -0,0 +1,92 @@
+/*
+ *
+ * Copyright 2015, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ *     * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include "test/core/security/oauth2_utils.h"
+
+#include <string.h>
+
+#include <grpc/grpc.h>
+#include <grpc/grpc_security.h>
+#include <grpc/support/alloc.h>
+#include <grpc/support/log.h>
+#include <grpc/support/slice.h>
+#include <grpc/support/sync.h>
+
+#include "src/core/security/credentials.h"
+
+typedef struct {
+  grpc_pollset pollset;
+  int is_done;
+  char *token;
+} synchronizer;
+
+static void on_oauth2_response(void *user_data, grpc_credentials_md *md_elems,
+                               size_t num_md, grpc_credentials_status status) {
+  synchronizer *sync = user_data;
+  char *token = NULL;
+  gpr_slice token_slice;
+  if (status == GRPC_CREDENTIALS_ERROR) {
+    gpr_log(GPR_ERROR, "Fetching token failed.");
+  } else {
+    GPR_ASSERT(num_md == 1);
+    token_slice = md_elems[0].value;
+    token = gpr_malloc(GPR_SLICE_LENGTH(token_slice) + 1);
+    memcpy(token, GPR_SLICE_START_PTR(token_slice),
+           GPR_SLICE_LENGTH(token_slice));
+    token[GPR_SLICE_LENGTH(token_slice)] = '\0';
+  }
+  gpr_mu_lock(GRPC_POLLSET_MU(&sync->pollset));
+  sync->is_done = 1;
+  sync->token = token;
+  grpc_pollset_kick(&sync->pollset);
+  gpr_mu_unlock(GRPC_POLLSET_MU(&sync->pollset));
+}
+
+static void do_nothing(void *unused) {}
+
+char *grpc_test_fetch_oauth2_token_with_credentials(grpc_credentials *creds) {
+  synchronizer sync;
+  grpc_pollset_init(&sync.pollset);
+  sync.is_done = 0;
+
+  grpc_credentials_get_request_metadata(creds, &sync.pollset, "",
+                                        on_oauth2_response, &sync);
+
+  gpr_mu_lock(GRPC_POLLSET_MU(&sync.pollset));
+  while (!sync.is_done) grpc_pollset_work(&sync.pollset, gpr_inf_future);
+  gpr_mu_unlock(GRPC_POLLSET_MU(&sync.pollset));
+
+  grpc_pollset_shutdown(&sync.pollset, do_nothing, NULL);
+  grpc_pollset_destroy(&sync.pollset);
+  return sync.token;
+}

test/core/security/oauth2_utils.h

@@ -0,0 +1,51 @@
+/*
+ *
+ * Copyright 2015, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ *     * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef GRPC_TEST_CORE_SECURITY_OAUTH2_UTILS_H
+#define GRPC_TEST_CORE_SECURITY_OAUTH2_UTILS_H
+
+#include "src/core/security/credentials.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Fetch oauth2 access token with a credentials object. Does not take ownership.
+   Returns NULL on a failure. The caller should call gpr_free on the token. */
+char *grpc_test_fetch_oauth2_token_with_credentials(grpc_credentials *creds);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* GRPC_TEST_CORE_SECURITY_OAUTH2_UTILS_H */

test/cpp/interop/client.cc

@@ -68,6 +68,7 @@ DEFINE_string(test_case, "large_unary",
               "service_account_creds : large_unary with service_account auth; "
               "compute_engine_creds: large_unary with compute engine auth; "
               "jwt_token_creds: large_unary with JWT token auth; "
+              "oauth2_auth_token: raw oauth2 access token auth; "
               "all : all of above.");
 DEFINE_string(default_service_account, "",
               "Email of GCE default service account");
@@ -113,6 +114,9 @@ int main(int argc, char** argv) {
   } else if (FLAGS_test_case == "jwt_token_creds") {
     grpc::string json_key = GetServiceAccountJsonKey();
     client.DoJwtTokenCreds(json_key);
+  } else if (FLAGS_test_case == "oauth2_auth_token") {
+    grpc::string json_key = GetServiceAccountJsonKey();
+    client.DoOauth2AuthToken(json_key, FLAGS_oauth_scope);
   } else if (FLAGS_test_case == "all") {
     client.DoEmpty();
     client.DoLargeUnary();
@@ -128,6 +132,7 @@ int main(int argc, char** argv) {
       grpc::string json_key = GetServiceAccountJsonKey();
       client.DoServiceAccountCreds(json_key, FLAGS_oauth_scope);
       client.DoJwtTokenCreds(json_key);
+      client.DoOauth2AuthToken(json_key, FLAGS_oauth_scope);
     }
     // compute_engine_creds only runs in GCE.
   } else {
@@ -136,8 +141,8 @@ int main(int argc, char** argv) {
         "Unsupported test case %s. Valid options are all|empty_unary|"
         "large_unary|client_streaming|server_streaming|half_duplex|ping_pong|"
         "cancel_after_begin|cancel_after_first_response|"
-        "timeout_on_sleeping_server|"
-        "service_account_creds|compute_engine_creds|jwt_token_creds",
+        "timeout_on_sleeping_server|service_account_creds|compute_engine_creds|"
+        "jwt_token_creds|oauth2_auth_token",
         FLAGS_test_case.c_str());
     ret = 1;
   }

test/cpp/interop/client_helper.cc

@@ -40,6 +40,7 @@
 #include <unistd.h>
 
 #include <grpc/grpc.h>
+#include <grpc/support/alloc.h>
 #include <grpc/support/log.h>
 #include <gflags/gflags.h>
 #include <grpc++/channel_arguments.h>
@@ -47,6 +48,8 @@
 #include <grpc++/create_channel.h>
 #include <grpc++/credentials.h>
 #include <grpc++/stream.h>
+#include "src/cpp/client/secure_credentials.h"
+#include "test/core/security/oauth2_utils.h"
 #include "test/cpp/util/create_test_channel.h"
 
 DECLARE_bool(enable_ssl);
@@ -62,6 +65,16 @@ DECLARE_string(oauth_scope);
 namespace grpc {
 namespace testing {
 
+namespace {
+std::shared_ptr<Credentials> CreateServiceAccountCredentials() {
+  GPR_ASSERT(FLAGS_enable_ssl);
+  grpc::string json_key = GetServiceAccountJsonKey();
+  std::chrono::seconds token_lifetime = std::chrono::hours(1);
+  return ServiceAccountCredentials(json_key, FLAGS_oauth_scope,
+                                   token_lifetime.count());
+}
+}  // namespace
+
 grpc::string GetServiceAccountJsonKey() {
   static grpc::string json_key;
   if (json_key.empty()) {
@@ -73,6 +86,20 @@ grpc::string GetServiceAccountJsonKey() {
   return json_key;
 }
 
+grpc::string GetOauth2AccessToken() {
+  std::shared_ptr<Credentials> creds = CreateServiceAccountCredentials();
+  SecureCredentials* secure_creds =
+      dynamic_cast<SecureCredentials*>(creds.get());
+  GPR_ASSERT(secure_creds != nullptr);
+  grpc_credentials* c_creds = secure_creds->GetRawCreds();
+  char* token = grpc_test_fetch_oauth2_token_with_credentials(c_creds);
+  GPR_ASSERT(token != nullptr);
+  gpr_log(GPR_INFO, "Get raw oauth2 access token: %s", token);
+  grpc::string access_token(token + sizeof("Bearer ") - 1);
+  gpr_free(token);
+  return access_token;
+}
+
 std::shared_ptr<ChannelInterface> CreateChannelForTestCase(
     const grpc::string& test_case) {
   GPR_ASSERT(FLAGS_server_port);
@@ -82,12 +109,7 @@ std::shared_ptr<ChannelInterface> CreateChannelForTestCase(
            FLAGS_server_port);
 
   if (test_case == "service_account_creds") {
-    std::shared_ptr<Credentials> creds;
-    GPR_ASSERT(FLAGS_enable_ssl);
-    grpc::string json_key = GetServiceAccountJsonKey();
-    std::chrono::seconds token_lifetime = std::chrono::hours(1);
-    creds = ServiceAccountCredentials(json_key, FLAGS_oauth_scope,
-                                      token_lifetime.count());
+    std::shared_ptr<Credentials> creds = CreateServiceAccountCredentials();
     return CreateTestChannel(host_port, FLAGS_server_host_override,
                              FLAGS_enable_ssl, FLAGS_use_prod_roots, creds);
   } else if (test_case == "compute_engine_creds") {
@@ -104,6 +126,11 @@ std::shared_ptr<ChannelInterface> CreateChannelForTestCase(
     creds = JWTCredentials(json_key, token_lifetime.count());
     return CreateTestChannel(host_port, FLAGS_server_host_override,
                              FLAGS_enable_ssl, FLAGS_use_prod_roots, creds);
+  } else if (test_case == "oauth2_auth_token") {
+    grpc::string raw_token = GetOauth2AccessToken();
+    std::shared_ptr<Credentials> creds = AccessTokenCredentials(raw_token);
+    return CreateTestChannel(host_port, FLAGS_server_host_override,
+                             FLAGS_enable_ssl, FLAGS_use_prod_roots, creds);
   } else {
     return CreateTestChannel(host_port, FLAGS_server_host_override,
                              FLAGS_enable_ssl, FLAGS_use_prod_roots);

test/cpp/interop/client_helper.h

@@ -44,6 +44,8 @@ namespace testing {
 
 grpc::string GetServiceAccountJsonKey();
 
+grpc::string GetOauth2AccessToken();
+
 std::shared_ptr<ChannelInterface> CreateChannelForTestCase(
     const grpc::string& test_case);
 

test/cpp/interop/interop_client.cc

@@ -143,6 +143,23 @@ void InteropClient::DoServiceAccountCreds(const grpc::string& username,
   gpr_log(GPR_INFO, "Large unary with service account creds done.");
 }
 
+void InteropClient::DoOauth2AuthToken(const grpc::string& username,
+                                      const grpc::string& oauth_scope) {
+  gpr_log(GPR_INFO,
+          "Sending a large unary rpc with raw oauth2 access token ...");
+  SimpleRequest request;
+  SimpleResponse response;
+  request.set_fill_username(true);
+  request.set_fill_oauth_scope(true);
+  PerformLargeUnary(&request, &response);
+  GPR_ASSERT(!response.username().empty());
+  GPR_ASSERT(!response.oauth_scope().empty());
+  GPR_ASSERT(username.find(response.username()) != grpc::string::npos);
+  const char* oauth_scope_str = response.oauth_scope().c_str();
+  GPR_ASSERT(oauth_scope.find(oauth_scope_str) != grpc::string::npos);
+  gpr_log(GPR_INFO, "Large unary with oauth2 access token done.");
+}
+
 void InteropClient::DoJwtTokenCreds(const grpc::string& username) {
   gpr_log(GPR_INFO, "Sending a large unary rpc with JWT token credentials ...");
   SimpleRequest request;

test/cpp/interop/interop_client.h

@@ -68,6 +68,9 @@ class InteropClient {
   // username is a string containing the user email
   void DoServiceAccountCreds(const grpc::string& username,
                              const grpc::string& oauth_scope);
+  // username is a string containing the user email
+  void DoOauth2AuthToken(const grpc::string& username,
+                         const grpc::string& oauth_scope);
 
  private:
   void PerformLargeUnary(SimpleRequest* request, SimpleResponse* response);

tools/run_tests/sources_and_headers.json

@@ -9096,6 +9096,7 @@
       "test/core/end2end/cq_verifier.h", 
       "test/core/end2end/data/ssl_test_data.h", 
       "test/core/iomgr/endpoint_tests.h", 
+      "test/core/security/oauth2_utils.h", 
       "test/core/util/grpc_profiler.h", 
       "test/core/util/parse_hexstring.h", 
       "test/core/util/port.h", 
@@ -9112,6 +9113,8 @@
       "test/core/end2end/data/test_root_cert.c", 
       "test/core/iomgr/endpoint_tests.c", 
       "test/core/iomgr/endpoint_tests.h", 
+      "test/core/security/oauth2_utils.c", 
+      "test/core/security/oauth2_utils.h", 
       "test/core/util/grpc_profiler.c", 
       "test/core/util/grpc_profiler.h", 
       "test/core/util/parse_hexstring.c", 
@@ -9132,6 +9135,7 @@
     "headers": [
       "test/core/end2end/cq_verifier.h", 
       "test/core/iomgr/endpoint_tests.h", 
+      "test/core/security/oauth2_utils.h", 
       "test/core/util/grpc_profiler.h", 
       "test/core/util/parse_hexstring.h", 
       "test/core/util/port.h", 
@@ -9144,6 +9148,8 @@
       "test/core/end2end/cq_verifier.h", 
       "test/core/iomgr/endpoint_tests.c", 
       "test/core/iomgr/endpoint_tests.h", 
+      "test/core/security/oauth2_utils.c", 
+      "test/core/security/oauth2_utils.h", 
       "test/core/util/grpc_profiler.c", 
       "test/core/util/grpc_profiler.h", 
       "test/core/util/parse_hexstring.c", 

vsprojects/grpc_test_util/grpc_test_util.vcxproj

@@ -149,6 +149,7 @@
     <ClInclude Include="..\..\test\core\end2end\data\ssl_test_data.h" />
     <ClInclude Include="..\..\test\core\end2end\cq_verifier.h" />
     <ClInclude Include="..\..\test\core\iomgr\endpoint_tests.h" />
+    <ClInclude Include="..\..\test\core\security\oauth2_utils.h" />
     <ClInclude Include="..\..\test\core\util\grpc_profiler.h" />
     <ClInclude Include="..\..\test\core\util\parse_hexstring.h" />
     <ClInclude Include="..\..\test\core\util\port.h" />
@@ -165,6 +166,8 @@
     </ClCompile>
     <ClCompile Include="..\..\test\core\iomgr\endpoint_tests.c">
     </ClCompile>
+    <ClCompile Include="..\..\test\core\security\oauth2_utils.c">
+    </ClCompile>
     <ClCompile Include="..\..\test\core\util\grpc_profiler.c">
     </ClCompile>
     <ClCompile Include="..\..\test\core\util\parse_hexstring.c">