/* * * Copyright 2015, Google Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following disclaimer * in the documentation and/or other materials provided with the * distribution. * * Neither the name of Google Inc. nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * */ #include #include #include #include #include #include #include #include #include #include "src/core/security/credentials.h" #include "src/core/support/file.h" typedef struct { gpr_cv cv; gpr_mu mu; int is_done; } synchronizer; static void on_oauth2_response(void *user_data, grpc_mdelem **md_elems, size_t num_md, grpc_credentials_status status) { synchronizer *sync = user_data; char *token; gpr_slice token_slice; if (status == GRPC_CREDENTIALS_ERROR) { gpr_log(GPR_ERROR, "Fetching token failed."); } else { GPR_ASSERT(num_md == 1); token_slice = md_elems[0]->value->slice; token = gpr_malloc(GPR_SLICE_LENGTH(token_slice) + 1); memcpy(token, GPR_SLICE_START_PTR(token_slice), GPR_SLICE_LENGTH(token_slice)); token[GPR_SLICE_LENGTH(token_slice)] = '\0'; printf("Got token: %s.\n", token); gpr_free(token); } gpr_mu_lock(&sync->mu); sync->is_done = 1; gpr_mu_unlock(&sync->mu); gpr_cv_signal(&sync->cv); } static grpc_credentials *create_service_account_creds( const char *json_key_file_path, const char *scope) { int success; gpr_slice json_key = gpr_load_file(json_key_file_path, 1, &success); if (!success) { gpr_log(GPR_ERROR, "Could not read file %s.", json_key_file_path); exit(1); } return grpc_service_account_credentials_create( (const char *)GPR_SLICE_START_PTR(json_key), scope, grpc_max_auth_token_lifetime); } static grpc_credentials *create_refresh_token_creds( const char *json_refresh_token_file_path) { int success; gpr_slice refresh_token = gpr_load_file(json_refresh_token_file_path, 1, &success); if (!success) { gpr_log(GPR_ERROR, "Could not read file %s.", json_refresh_token_file_path); exit(1); } return grpc_refresh_token_credentials_create( (const char *)GPR_SLICE_START_PTR(refresh_token)); } int main(int argc, char **argv) { synchronizer sync; grpc_credentials *creds = NULL; char *json_key_file_path = NULL; char *json_refresh_token_file_path = NULL; int use_gce = 0; char *scope = NULL; gpr_cmdline *cl = gpr_cmdline_create("fetch_oauth2"); gpr_cmdline_add_string(cl, "json_key", "File path of the json key. Mutually exclusive with " "--json_refresh_token.", &json_key_file_path); gpr_cmdline_add_string(cl, "json_refresh_token", "File path of the json refresh token. Mutually " "exclusive with --json_key.", &json_refresh_token_file_path); gpr_cmdline_add_string(cl, "scope", "Space delimited permissions. Only used for " "--json_key, ignored otherwise.", &scope); gpr_cmdline_add_flag( cl, "gce", "Get a token from the GCE metadata server (only works in GCE).", &use_gce); gpr_cmdline_parse(cl, argc, argv); grpc_init(); if (json_key_file_path != NULL && json_refresh_token_file_path != NULL) { gpr_log(GPR_ERROR, "--json_key and --json_refresh_token are mutually exclusive."); exit(1); } if (use_gce) { if (json_key_file_path != NULL || scope != NULL) { gpr_log(GPR_INFO, "Ignoring json key and scope to get a token from the GCE " "metadata server."); } creds = grpc_compute_engine_credentials_create(); if (creds == NULL) { gpr_log(GPR_ERROR, "Could not create gce credentials."); exit(1); } } else if (json_refresh_token_file_path != NULL) { creds = create_refresh_token_creds(json_refresh_token_file_path); if (creds == NULL) { gpr_log(GPR_ERROR, "Could not create refresh token creds. %s does probably not " "contain a valid json refresh token.", json_refresh_token_file_path); exit(1); } } else { if (json_key_file_path == NULL) { gpr_log(GPR_ERROR, "Missing --json_key option."); exit(1); } if (scope == NULL) { gpr_log(GPR_ERROR, "Missing --scope option."); exit(1); } creds = create_service_account_creds(json_key_file_path, scope); if (creds == NULL) { gpr_log(GPR_ERROR, "Could not create service account creds. %s does probably not " "contain a valid json key.", json_key_file_path); exit(1); } } GPR_ASSERT(creds != NULL); gpr_mu_init(&sync.mu); gpr_cv_init(&sync.cv); sync.is_done = 0; grpc_credentials_get_request_metadata(creds, "", on_oauth2_response, &sync); gpr_mu_lock(&sync.mu); while (!sync.is_done) gpr_cv_wait(&sync.cv, &sync.mu, gpr_inf_future); gpr_mu_unlock(&sync.mu); gpr_mu_destroy(&sync.mu); gpr_cv_destroy(&sync.cv); grpc_credentials_release(creds); gpr_cmdline_destroy(cl); grpc_shutdown(); return 0; }