1 /* 2 * 3 * Copyright 2015 gRPC authors. 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 * 17 */ 18 19 #ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_JWT_JSON_TOKEN_H 20 #define GRPC_CORE_LIB_SECURITY_CREDENTIALS_JWT_JSON_TOKEN_H 21 22 #include <grpc/support/port_platform.h> 23 24 #include <grpc/slice.h> 25 #include <openssl/rsa.h> 26 27 #include "src/core/lib/json/json.h" 28 29 /* --- Constants. --- */ 30 31 #define GRPC_JWT_OAUTH2_AUDIENCE "https://oauth2.googleapis.com/token" 32 33 /* --- auth_json_key parsing. --- */ 34 35 struct grpc_auth_json_key { 36 const char* type; 37 char* private_key_id; 38 char* client_id; 39 char* client_email; 40 RSA* private_key; 41 }; 42 /* Returns 1 if the object is valid, 0 otherwise. */ 43 int grpc_auth_json_key_is_valid(const grpc_auth_json_key* json_key); 44 45 /* Creates a json_key object from string. Returns an invalid object if a parsing 46 error has been encountered. */ 47 grpc_auth_json_key grpc_auth_json_key_create_from_string( 48 const char* json_string); 49 50 /* Creates a json_key object from parsed json. Returns an invalid object if a 51 parsing error has been encountered. */ 52 grpc_auth_json_key grpc_auth_json_key_create_from_json( 53 const grpc_core::Json& json); 54 55 /* Destructs the object. */ 56 void grpc_auth_json_key_destruct(grpc_auth_json_key* json_key); 57 58 /* --- json token encoding and signing. --- */ 59 60 /* Caller is responsible for calling gpr_free on the returned value. May return 61 NULL on invalid input. The scope parameter may be NULL. */ 62 char* grpc_jwt_encode_and_sign(const grpc_auth_json_key* json_key, 63 const char* audience, 64 gpr_timespec token_lifetime, const char* scope); 65 66 /* Override encode_and_sign function for testing. */ 67 typedef char* (*grpc_jwt_encode_and_sign_override)( 68 const grpc_auth_json_key* json_key, const char* audience, 69 gpr_timespec token_lifetime, const char* scope); 70 71 /* Set a custom encode_and_sign override for testing. */ 72 void grpc_jwt_encode_and_sign_set_override( 73 grpc_jwt_encode_and_sign_override func); 74 75 #endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_JWT_JSON_TOKEN_H */ 76