1 //
2 //
3 // Copyright 2015 gRPC authors.
4 //
5 // Licensed under the Apache License, Version 2.0 (the "License");
6 // you may not use this file except in compliance with the License.
7 // You may obtain a copy of the License at
8 //
9 // http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
16 //
17 //
18
19 #include <grpc/credentials.h>
20 #include <grpc/grpc.h>
21 #include <grpc/grpc_security.h>
22 #include <grpc/slice.h>
23 #include <grpc/support/alloc.h>
24 #include <grpc/support/sync.h>
25 #include <grpcpp/security/credentials.h>
26 #include <stdio.h>
27 #include <string.h>
28
29 #include "absl/log/check.h"
30 #include "absl/log/log.h"
31 #include "src/core/lib/iomgr/error.h"
32 #include "src/core/lib/security/credentials/credentials.h"
33 #include "src/core/lib/security/util/json_util.h"
34 #include "src/core/util/crash.h"
35 #include "src/cpp/client/secure_credentials.h"
36 #include "test/core/security/oauth2_utils.h"
37 #include "test/core/test_util/cmdline.h"
38 #include "test/core/test_util/tls_utils.h"
39
create_sts_creds(const char * json_file_path)40 static grpc_call_credentials* create_sts_creds(const char* json_file_path) {
41 grpc::experimental::StsCredentialsOptions options;
42 if (strlen(json_file_path) == 0) {
43 auto status = grpc::experimental::StsCredentialsOptionsFromEnv(&options);
44 if (!status.ok()) {
45 LOG(ERROR) << status.error_message();
46 return nullptr;
47 }
48 } else {
49 std::string sts_options =
50 grpc_core::testing::GetFileContents(json_file_path);
51 auto status = grpc::experimental::StsCredentialsOptionsFromJson(sts_options,
52 &options);
53 if (!status.ok()) {
54 LOG(ERROR) << status.error_message();
55 return nullptr;
56 }
57 }
58 grpc_sts_credentials_options opts =
59 grpc::experimental::StsCredentialsCppToCoreOptions(options);
60 grpc_call_credentials* result = grpc_sts_credentials_create(&opts, nullptr);
61 return result;
62 }
63
create_refresh_token_creds(const char * json_refresh_token_file_path)64 static grpc_call_credentials* create_refresh_token_creds(
65 const char* json_refresh_token_file_path) {
66 std::string refresh_token =
67 grpc_core::testing::GetFileContents(json_refresh_token_file_path);
68 return grpc_google_refresh_token_credentials_create(refresh_token.c_str(),
69 nullptr);
70 }
71
main(int argc,char ** argv)72 int main(int argc, char** argv) {
73 grpc_call_credentials* creds = nullptr;
74 const char* json_sts_options_file_path = nullptr;
75 const char* json_refresh_token_file_path = nullptr;
76 char* token = nullptr;
77 int use_gce = 0;
78 gpr_cmdline* cl = gpr_cmdline_create("fetch_oauth2");
79 gpr_cmdline_add_string(cl, "json_refresh_token",
80 "File path of the json refresh token.",
81 &json_refresh_token_file_path);
82 gpr_cmdline_add_string(
83 cl, "json_sts_options",
84 "File path of the json sts options. If the path is empty, the program "
85 "will attempt to use the $STS_CREDENTIALS environment variable to access "
86 "a file containing the options.",
87 &json_sts_options_file_path);
88 gpr_cmdline_add_flag(
89 cl, "gce",
90 "Get a token from the GCE metadata server (only works in GCE).",
91 &use_gce);
92 gpr_cmdline_parse(cl, argc, argv);
93
94 grpc_init();
95
96 if (json_sts_options_file_path != nullptr &&
97 json_refresh_token_file_path != nullptr) {
98 LOG(ERROR) << "--json_sts_options and --json_refresh_token are mutually "
99 "exclusive.";
100 exit(1);
101 }
102
103 if (use_gce) {
104 if (json_sts_options_file_path != nullptr ||
105 json_refresh_token_file_path != nullptr) {
106 LOG(INFO)
107 << "Ignoring json refresh token or sts options to get a token from "
108 "the GCE metadata server.";
109 }
110 creds = grpc_google_compute_engine_credentials_create(nullptr);
111 if (creds == nullptr) {
112 LOG(ERROR) << "Could not create gce credentials.";
113 exit(1);
114 }
115 } else if (json_refresh_token_file_path != nullptr) {
116 creds = create_refresh_token_creds(json_refresh_token_file_path);
117 if (creds == nullptr) {
118 LOG(ERROR) << "Could not create refresh token creds. "
119 << json_refresh_token_file_path
120 << " does probably not contain a valid json refresh token.";
121 exit(1);
122 }
123 } else if (json_sts_options_file_path != nullptr) {
124 creds = create_sts_creds(json_sts_options_file_path);
125 if (creds == nullptr) {
126 LOG(ERROR) << "Could not create sts creds. " << json_sts_options_file_path
127 << " does probably not contain a valid json for sts options.";
128 exit(1);
129 }
130 } else {
131 LOG(ERROR)
132 << "Missing --gce, --json_sts_options, or --json_refresh_token option.";
133 exit(1);
134 }
135 CHECK_NE(creds, nullptr);
136
137 token = grpc_test_fetch_oauth2_token_with_credentials(creds);
138 if (token != nullptr) {
139 printf("Got token: %s.\n", token);
140 gpr_free(token);
141 }
142 grpc_call_credentials_release(creds);
143 gpr_cmdline_destroy(cl);
144 grpc_shutdown();
145 return 0;
146 }
147