//
//
// Copyright 2015 gRPC authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
//

#ifndef GRPC_SRC_CORE_LIB_SECURITY_CREDENTIALS_JWT_JSON_TOKEN_H
#define GRPC_SRC_CORE_LIB_SECURITY_CREDENTIALS_JWT_JSON_TOKEN_H

#include <grpc/support/port_platform.h>
#include <grpc/support/time.h>
#include <openssl/crypto.h>

#include "src/core/util/json/json.h"

// --- Constants. ---

// Audience string naming Google's OAuth2 token endpoint.
#define GRPC_JWT_OAUTH2_AUDIENCE "https://oauth2.googleapis.com/token"

// --- auth_json_key parsing. ---

// In-memory form of a JSON key: identifying strings plus the parsed private
// key handle. The struct carries secret key material, so it should never be
// logged or serialized, and every object obtained from one of the create
// functions below should be passed to grpc_auth_json_key_destruct when done.
struct grpc_auth_json_key {
  // Key type tag. Declared const, unlike the other string members.
  // NOTE(review): presumably points at a static constant rather than owned
  // storage; confirm in the implementation.
  const char* type;
  char* private_key_id;
  char* client_id;
  char* client_email;
  // The handle type follows the OpenSSL API generation the build links
  // against: RSA* before 3.0, EVP_PKEY* from 3.0 on.
#if OPENSSL_VERSION_NUMBER < 0x30000000L
  RSA* private_key;
#else
  EVP_PKEY* private_key;
#endif
};

// Validity predicate: yields 1 for a valid object and 0 otherwise.
// The create functions report failure only by handing back an invalid object,
// so their result must be checked with this before it is used for signing.
int grpc_auth_json_key_is_valid(const grpc_auth_json_key* json_key);

// Builds a json_key object from a JSON string. On a parsing error the result
// is an invalid object (see grpc_auth_json_key_is_valid), not an error code.
// NOTE(review): no length is passed, so json_string is presumably expected to
// be NUL-terminated; confirm against the implementation.
grpc_auth_json_key grpc_auth_json_key_create_from_string(
    const char* json_string);

// Builds a json_key object from already-parsed JSON. On a parsing error the
// result is an invalid object (see grpc_auth_json_key_is_valid).
grpc_auth_json_key grpc_auth_json_key_create_from_json(
    const grpc_core::Json& json);

// Destructs the object.
// NOTE(review): presumably releases the owned strings and the private key
// handle; confirm in the implementation before relying on it for key hygiene.
void grpc_auth_json_key_destruct(grpc_auth_json_key* json_key);

// --- json token encoding and signing. ---

// Encodes a token for `audience` and signs it with the key in `json_key`.
// The returned buffer belongs to the caller, who must release it with
// gpr_free. The result may be NULL on invalid input, so it must be checked
// before use. `scope` is optional and may be NULL.
// The output is a signed token; treat it as a credential and keep it out of
// logs and error messages.
char* grpc_jwt_encode_and_sign(const grpc_auth_json_key* json_key,
                               const char* audience,
                               gpr_timespec token_lifetime, const char* scope);

// Function pointer type for a test replacement of encode_and_sign; it has the
// same parameter list and return type as grpc_jwt_encode_and_sign.
using grpc_jwt_encode_and_sign_override = char* (*)(
    const grpc_auth_json_key* json_key, const char* audience,
    gpr_timespec token_lifetime, const char* scope);

// Installs a custom encode_and_sign override. This is a testing hook: an
// installed override presumably stands in for real signing, so production
// code paths should never call this.
// NOTE(review): whether a null `func` restores the default, and whether the
// setter is safe to call concurrently, is not visible from this header.
void grpc_jwt_encode_and_sign_set_override(
    grpc_jwt_encode_and_sign_override func);

#endif  // GRPC_SRC_CORE_LIB_SECURITY_CREDENTIALS_JWT_JSON_TOKEN_H