1 //
2 //
3 // Copyright 2015 gRPC authors.
4 //
5 // Licensed under the Apache License, Version 2.0 (the "License");
6 // you may not use this file except in compliance with the License.
7 // You may obtain a copy of the License at
8 //
9 // http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
16 //
17 //
18
19 #include "src/core/lib/security/credentials/jwt/json_token.h"
20
21 #include <grpc/credentials.h>
22 #include <grpc/grpc_security.h>
23 #include <grpc/slice.h>
24 #include <grpc/support/alloc.h>
25 #include <gtest/gtest.h>
26 #include <openssl/evp.h>
27 #include <string.h>
28
29 #include "absl/log/log.h"
30 #include "absl/strings/escaping.h"
31 #include "src/core/lib/security/credentials/oauth2/oauth2_credentials.h"
32 #include "src/core/lib/slice/slice_internal.h"
33 #include "src/core/util/crash.h"
34 #include "src/core/util/json/json.h"
35 #include "src/core/util/json/json_reader.h"
36 #include "test/core/test_util/test_config.h"
37
38 using grpc_core::Json;
39
40 // This JSON key was generated with the GCE console and revoked immediately.
41 // The identifiers have been changed as well.
42 // Maximum size for a string literal is 509 chars in C89, yay!
43 static const char test_json_key_str_part1[] =
44 "{ \"private_key\": \"-----BEGIN PRIVATE KEY-----"
45 "\\nMIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAOEvJsnoHnyHkXcp\\n7mJE"
46 "qg"
47 "WGjiw71NfXByguekSKho65FxaGbsnSM9SMQAqVk7Q2rG+I0OpsT0LrWQtZ\\nyjSeg/"
48 "rWBQvS4hle4LfijkP3J5BG+"
49 "IXDMP8RfziNRQsenAXDNPkY4kJCvKux2xdD\\nOnVF6N7dL3nTYZg+"
50 "uQrNsMTz9UxVAgMBAAECgYEAzbLewe1xe9vy+2GoSsfib+28\\nDZgSE6Bu/"
51 "zuFoPrRc6qL9p2SsnV7txrunTyJkkOnPLND9ABAXybRTlcVKP/sGgza\\n/"
52 "8HpCqFYM9V8f34SBWfD4fRFT+n/"
53 "73cfRUtGXdXpseva2lh8RilIQfPhNZAncenU\\ngqXjDvpkypEusgXAykECQQD+";
54 static const char test_json_key_str_part2[] =
55 "53XxNVnxBHsYb+AYEfklR96yVi8HywjVHP34+OQZ\\nCslxoHQM8s+"
56 "dBnjfScLu22JqkPv04xyxmt0QAKm9+vTdAkEA4ib7YvEAn2jXzcCI\\nEkoy2L/"
57 "XydR1GCHoacdfdAwiL2npOdnbvi4ZmdYRPY1LSTO058tQHKVXV7NLeCa3\\nAARh2QJBAMKeDA"
58 "G"
59 "W303SQv2cZTdbeaLKJbB5drz3eo3j7dDKjrTD9JupixFbzcGw\\n8FZi5c8idxiwC36kbAL6Hz"
60 "A"
61 "ZoX+ofI0CQE6KCzPJTtYNqyShgKAZdJ8hwOcvCZtf\\n6z8RJm0+"
62 "6YBd38lfh5j8mZd7aHFf6I17j5AQY7oPEc47TjJj/"
63 "5nZ68ECQQDvYuI3\\nLyK5fS8g0SYbmPOL9TlcHDOqwG0mrX9qpg5DC2fniXNSrrZ64GTDKdzZ"
64 "Y"
65 "Ap6LI9W\\nIqv4vr6y38N79TTC\\n-----END PRIVATE KEY-----\\n\", ";
66 static const char test_json_key_str_part3[] =
67 "\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", "
68 "\"client_email\": "
69 "\"777-abaslkan11hlb6nmim3bpspl31ud@developer.gserviceaccount."
70 "com\", \"client_id\": "
71 "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent."
72 "com\", \"type\": \"service_account\" }";
73
74 // Test refresh token.
75 static const char test_refresh_token_str[] =
76 "{ \"client_id\": \"32555999999.apps.googleusercontent.com\","
77 " \"client_secret\": \"EmssLNjJy1332hD4KFsecret\","
78 " \"refresh_token\": \"1/Blahblasj424jladJDSGNf-u4Sua3HDA2ngjd42\","
79 " \"type\": \"authorized_user\"}";
80
81 static const char test_scope[] = "myperm1 myperm2";
82
83 static const char test_service_url[] = "https://foo.com/foo.v1";
84
test_json_key_str(const char * bad_part3)85 static char* test_json_key_str(const char* bad_part3) {
86 const char* part3 =
87 bad_part3 != nullptr ? bad_part3 : test_json_key_str_part3;
88 size_t result_len = strlen(test_json_key_str_part1) +
89 strlen(test_json_key_str_part2) + strlen(part3);
90 char* result = static_cast<char*>(gpr_malloc(result_len + 1));
91 char* current = result;
92 strcpy(result, test_json_key_str_part1);
93 current += strlen(test_json_key_str_part1);
94 strcpy(current, test_json_key_str_part2);
95 current += strlen(test_json_key_str_part2);
96 strcpy(current, part3);
97 return result;
98 }
99
TEST(JsonTokenTest,ParseJsonKeySuccess)100 TEST(JsonTokenTest, ParseJsonKeySuccess) {
101 char* json_string = test_json_key_str(nullptr);
102 grpc_auth_json_key json_key =
103 grpc_auth_json_key_create_from_string(json_string);
104 ASSERT_TRUE(grpc_auth_json_key_is_valid(&json_key));
105 ASSERT_TRUE(json_key.type != nullptr &&
106 strcmp(json_key.type, "service_account") == 0);
107 ASSERT_TRUE(json_key.private_key_id != nullptr &&
108 strcmp(json_key.private_key_id,
109 "e6b5137873db8d2ef81e06a47289e6434ec8a165") == 0);
110 ASSERT_TRUE(json_key.client_id != nullptr &&
111 strcmp(json_key.client_id,
112 "777-abaslkan11hlb6nmim3bpspl31ud.apps."
113 "googleusercontent.com") == 0);
114 ASSERT_TRUE(json_key.client_email != nullptr &&
115 strcmp(json_key.client_email,
116 "777-abaslkan11hlb6nmim3bpspl31ud@developer."
117 "gserviceaccount.com") == 0);
118 ASSERT_NE(json_key.private_key, nullptr);
119 gpr_free(json_string);
120 grpc_auth_json_key_destruct(&json_key);
121 }
122
TEST(JsonTokenTest,ParseJsonKeyFailureBadJson)123 TEST(JsonTokenTest, ParseJsonKeyFailureBadJson) {
124 const char non_closing_part3[] =
125 "\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", "
126 "\"client_email\": "
127 "\"777-abaslkan11hlb6nmim3bpspl31ud@developer.gserviceaccount."
128 "com\", \"client_id\": "
129 "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent."
130 "com\", \"type\": \"service_account\" ";
131 char* json_string = test_json_key_str(non_closing_part3);
132 grpc_auth_json_key json_key =
133 grpc_auth_json_key_create_from_string(json_string);
134 ASSERT_FALSE(grpc_auth_json_key_is_valid(&json_key));
135 gpr_free(json_string);
136 grpc_auth_json_key_destruct(&json_key);
137 }
138
TEST(JsonTokenTest,ParseJsonKeyFailureNoType)139 TEST(JsonTokenTest, ParseJsonKeyFailureNoType) {
140 const char no_type_part3[] =
141 "\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", "
142 "\"client_email\": "
143 "\"777-abaslkan11hlb6nmim3bpspl31ud@developer.gserviceaccount."
144 "com\", \"client_id\": "
145 "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent."
146 "com\" }";
147 char* json_string = test_json_key_str(no_type_part3);
148 grpc_auth_json_key json_key =
149 grpc_auth_json_key_create_from_string(json_string);
150 ASSERT_FALSE(grpc_auth_json_key_is_valid(&json_key));
151 gpr_free(json_string);
152 grpc_auth_json_key_destruct(&json_key);
153 }
154
TEST(JsonTokenTest,ParseJsonKeyFailureNoClientId)155 TEST(JsonTokenTest, ParseJsonKeyFailureNoClientId) {
156 const char no_client_id_part3[] =
157 "\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", "
158 "\"client_email\": "
159 "\"777-abaslkan11hlb6nmim3bpspl31ud@developer.gserviceaccount."
160 "com\", "
161 "\"type\": \"service_account\" }";
162 char* json_string = test_json_key_str(no_client_id_part3);
163 grpc_auth_json_key json_key =
164 grpc_auth_json_key_create_from_string(json_string);
165 ASSERT_FALSE(grpc_auth_json_key_is_valid(&json_key));
166 gpr_free(json_string);
167 grpc_auth_json_key_destruct(&json_key);
168 }
169
TEST(JsonTokenTest,ParseJsonKeyFailureNoClientEmail)170 TEST(JsonTokenTest, ParseJsonKeyFailureNoClientEmail) {
171 const char no_client_email_part3[] =
172 "\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", "
173 "\"client_id\": "
174 "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent."
175 "com\", \"type\": \"service_account\" }";
176 char* json_string = test_json_key_str(no_client_email_part3);
177 grpc_auth_json_key json_key =
178 grpc_auth_json_key_create_from_string(json_string);
179 ASSERT_FALSE(grpc_auth_json_key_is_valid(&json_key));
180 gpr_free(json_string);
181 grpc_auth_json_key_destruct(&json_key);
182 }
183
TEST(JsonTokenTest,ParseJsonKeyFailureNoPrivateKeyId)184 TEST(JsonTokenTest, ParseJsonKeyFailureNoPrivateKeyId) {
185 const char no_private_key_id_part3[] =
186 "\"client_email\": "
187 "\"777-abaslkan11hlb6nmim3bpspl31ud@developer.gserviceaccount."
188 "com\", \"client_id\": "
189 "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent."
190 "com\", \"type\": \"service_account\" }";
191 char* json_string = test_json_key_str(no_private_key_id_part3);
192 grpc_auth_json_key json_key =
193 grpc_auth_json_key_create_from_string(json_string);
194 ASSERT_FALSE(grpc_auth_json_key_is_valid(&json_key));
195 gpr_free(json_string);
196 grpc_auth_json_key_destruct(&json_key);
197 }
198
TEST(JsonTokenTest,ParseJsonKeyFailureNoPrivateKey)199 TEST(JsonTokenTest, ParseJsonKeyFailureNoPrivateKey) {
200 const char no_private_key_json_string[] =
201 "{ \"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", "
202 "\"client_email\": "
203 "\"777-abaslkan11hlb6nmim3bpspl31ud@developer.gserviceaccount."
204 "com\", \"client_id\": "
205 "\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent."
206 "com\", \"type\": \"service_account\" }";
207 grpc_auth_json_key json_key =
208 grpc_auth_json_key_create_from_string(no_private_key_json_string);
209 ASSERT_FALSE(grpc_auth_json_key_is_valid(&json_key));
210 grpc_auth_json_key_destruct(&json_key);
211 }
212
parse_json_part_from_jwt(const char * str,size_t len)213 static Json parse_json_part_from_jwt(const char* str, size_t len) {
214 grpc_core::ExecCtx exec_ctx;
215 std::string decoded;
216 absl::WebSafeBase64Unescape(absl::string_view(str, len), &decoded);
217 EXPECT_FALSE(decoded.empty());
218 auto json = grpc_core::JsonParse(decoded);
219 if (!json.ok()) {
220 LOG(ERROR) << "JSON parse error: " << json.status().ToString();
221 return Json();
222 }
223 return std::move(*json);
224 }
225
check_jwt_header(const Json & header)226 static void check_jwt_header(const Json& header) {
227 Json::Object object = header.object();
228 Json value = object["alg"];
229 ASSERT_EQ(value.type(), Json::Type::kString);
230 ASSERT_STREQ(value.string().c_str(), "RS256");
231 value = object["typ"];
232 ASSERT_EQ(value.type(), Json::Type::kString);
233 ASSERT_STREQ(value.string().c_str(), "JWT");
234 value = object["kid"];
235 ASSERT_EQ(value.type(), Json::Type::kString);
236 ASSERT_STREQ(value.string().c_str(),
237 "e6b5137873db8d2ef81e06a47289e6434ec8a165");
238 }
239
check_jwt_claim(const Json & claim,const char * expected_audience,const char * expected_scope)240 static void check_jwt_claim(const Json& claim, const char* expected_audience,
241 const char* expected_scope) {
242 Json::Object object = claim.object();
243
244 Json value = object["iss"];
245 ASSERT_EQ(value.type(), Json::Type::kString);
246 ASSERT_EQ(value.string(),
247 "777-abaslkan11hlb6nmim3bpspl31ud@developer.gserviceaccount.com");
248
249 if (expected_scope != nullptr) {
250 ASSERT_EQ(object.find("sub"), object.end());
251 value = object["scope"];
252 ASSERT_EQ(value.type(), Json::Type::kString);
253 ASSERT_EQ(value.string(), expected_scope);
254 } else {
255 // Claims without scope must have a sub.
256 ASSERT_EQ(object.find("scope"), object.end());
257 value = object["sub"];
258 ASSERT_EQ(value.type(), Json::Type::kString);
259 ASSERT_EQ(value.string(), object["iss"].string());
260 }
261
262 value = object["aud"];
263 ASSERT_EQ(value.type(), Json::Type::kString);
264 ASSERT_EQ(value.string(), expected_audience);
265
266 gpr_timespec expiration = gpr_time_0(GPR_CLOCK_REALTIME);
267 value = object["exp"];
268 ASSERT_EQ(value.type(), Json::Type::kNumber);
269 expiration.tv_sec = strtol(value.string().c_str(), nullptr, 10);
270
271 gpr_timespec issue_time = gpr_time_0(GPR_CLOCK_REALTIME);
272 value = object["iat"];
273 ASSERT_EQ(value.type(), Json::Type::kNumber);
274 issue_time.tv_sec = strtol(value.string().c_str(), nullptr, 10);
275
276 gpr_timespec parsed_lifetime = gpr_time_sub(expiration, issue_time);
277 ASSERT_EQ(parsed_lifetime.tv_sec, grpc_max_auth_token_lifetime().tv_sec);
278 }
279
280 #if OPENSSL_VERSION_NUMBER < 0x30000000L
check_jwt_signature(const char * b64_signature,RSA * rsa_key,const char * signed_data,size_t signed_data_size)281 static void check_jwt_signature(const char* b64_signature, RSA* rsa_key,
282 const char* signed_data,
283 size_t signed_data_size) {
284 grpc_core::ExecCtx exec_ctx;
285
286 EVP_MD_CTX* md_ctx = EVP_MD_CTX_create();
287 EVP_PKEY* key = EVP_PKEY_new();
288
289 std::string decoded;
290 absl::WebSafeBase64Unescape(b64_signature, &decoded);
291 ASSERT_EQ(decoded.size(), 128);
292
293 ASSERT_NE(md_ctx, nullptr);
294 ASSERT_NE(key, nullptr);
295 EVP_PKEY_set1_RSA(key, rsa_key);
296
297 ASSERT_EQ(EVP_DigestVerifyInit(md_ctx, nullptr, EVP_sha256(), nullptr, key),
298 1);
299 ASSERT_EQ(EVP_DigestVerifyUpdate(md_ctx, signed_data, signed_data_size), 1);
300 ASSERT_EQ(EVP_DigestVerifyFinal(
301 md_ctx, reinterpret_cast<const uint8_t*>(decoded.data()),
302 decoded.size()),
303 1);
304
305 if (key != nullptr) EVP_PKEY_free(key);
306 if (md_ctx != nullptr) EVP_MD_CTX_destroy(md_ctx);
307 }
308 #else
check_jwt_signature(const char * b64_signature,EVP_PKEY * key,const char * signed_data,size_t signed_data_size)309 static void check_jwt_signature(const char* b64_signature, EVP_PKEY* key,
310 const char* signed_data,
311 size_t signed_data_size) {
312 grpc_core::ExecCtx exec_ctx;
313 EVP_MD_CTX* md_ctx = EVP_MD_CTX_create();
314
315 std::string decoded;
316 absl::WebSafeBase64Unescape(b64_signature, &decoded);
317 ASSERT_EQ(decoded.size(), 128);
318
319 ASSERT_EQ(EVP_DigestVerifyInit(md_ctx, nullptr, EVP_sha256(), nullptr, key),
320 1);
321 ASSERT_EQ(EVP_DigestVerifyUpdate(md_ctx, signed_data, signed_data_size), 1);
322 ASSERT_EQ(EVP_DigestVerifyFinal(
323 md_ctx, reinterpret_cast<const unsigned char*>(decoded.data()),
324 decoded.size()),
325 1);
326
327 if (md_ctx != nullptr) EVP_MD_CTX_destroy(md_ctx);
328 }
329 #endif
330
service_account_creds_jwt_encode_and_sign(const grpc_auth_json_key * key)331 static char* service_account_creds_jwt_encode_and_sign(
332 const grpc_auth_json_key* key) {
333 return grpc_jwt_encode_and_sign(key, GRPC_JWT_OAUTH2_AUDIENCE,
334 grpc_max_auth_token_lifetime(), test_scope);
335 }
336
jwt_creds_jwt_encode_and_sign(const grpc_auth_json_key * key)337 static char* jwt_creds_jwt_encode_and_sign(const grpc_auth_json_key* key) {
338 return grpc_jwt_encode_and_sign(key, test_service_url,
339 grpc_max_auth_token_lifetime(), nullptr);
340 }
341
service_account_creds_check_jwt_claim(const Json & claim)342 static void service_account_creds_check_jwt_claim(const Json& claim) {
343 check_jwt_claim(claim, GRPC_JWT_OAUTH2_AUDIENCE, test_scope);
344 }
345
jwt_creds_check_jwt_claim(const Json & claim)346 static void jwt_creds_check_jwt_claim(const Json& claim) {
347 check_jwt_claim(claim, test_service_url, nullptr);
348 }
349
test_jwt_encode_and_sign(char * (* jwt_encode_and_sign_func)(const grpc_auth_json_key *),void (* check_jwt_claim_func)(const Json &))350 static void test_jwt_encode_and_sign(
351 char* (*jwt_encode_and_sign_func)(const grpc_auth_json_key*),
352 void (*check_jwt_claim_func)(const Json&)) {
353 char* json_string = test_json_key_str(nullptr);
354 grpc_auth_json_key json_key =
355 grpc_auth_json_key_create_from_string(json_string);
356 const char* b64_signature;
357 size_t offset = 0;
358 char* jwt = jwt_encode_and_sign_func(&json_key);
359 const char* dot = strchr(jwt, '.');
360 ASSERT_NE(dot, nullptr);
361 Json parsed_header =
362 parse_json_part_from_jwt(jwt, static_cast<size_t>(dot - jwt));
363 ASSERT_EQ(parsed_header.type(), Json::Type::kObject);
364 check_jwt_header(parsed_header);
365 offset = static_cast<size_t>(dot - jwt) + 1;
366
367 dot = strchr(jwt + offset, '.');
368 ASSERT_NE(dot, nullptr);
369 Json parsed_claim = parse_json_part_from_jwt(
370 jwt + offset, static_cast<size_t>(dot - (jwt + offset)));
371 ASSERT_EQ(parsed_claim.type(), Json::Type::kObject);
372 check_jwt_claim_func(parsed_claim);
373 offset = static_cast<size_t>(dot - jwt) + 1;
374
375 dot = strchr(jwt + offset, '.');
376 ASSERT_EQ(dot, nullptr); // no more part.
377 b64_signature = jwt + offset;
378 check_jwt_signature(b64_signature, json_key.private_key, jwt, offset - 1);
379
380 gpr_free(json_string);
381 grpc_auth_json_key_destruct(&json_key);
382 gpr_free(jwt);
383 }
384
TEST(JsonTokenTest,ServiceAccountCredsJwtEncodeAndSign)385 TEST(JsonTokenTest, ServiceAccountCredsJwtEncodeAndSign) {
386 test_jwt_encode_and_sign(service_account_creds_jwt_encode_and_sign,
387 service_account_creds_check_jwt_claim);
388 }
389
TEST(JsonTokenTest,JwtCredsJwtEncodeAndSign)390 TEST(JsonTokenTest, JwtCredsJwtEncodeAndSign) {
391 test_jwt_encode_and_sign(jwt_creds_jwt_encode_and_sign,
392 jwt_creds_check_jwt_claim);
393 }
394
TEST(JsonTokenTest,ParseRefreshTokenSuccess)395 TEST(JsonTokenTest, ParseRefreshTokenSuccess) {
396 grpc_auth_refresh_token refresh_token =
397 grpc_auth_refresh_token_create_from_string(test_refresh_token_str);
398 ASSERT_TRUE(grpc_auth_refresh_token_is_valid(&refresh_token));
399 ASSERT_TRUE(refresh_token.type != nullptr &&
400 (strcmp(refresh_token.type, "authorized_user") == 0));
401 ASSERT_TRUE(refresh_token.client_id != nullptr &&
402 (strcmp(refresh_token.client_id,
403 "32555999999.apps.googleusercontent.com") == 0));
404 ASSERT_TRUE(
405 refresh_token.client_secret != nullptr &&
406 (strcmp(refresh_token.client_secret, "EmssLNjJy1332hD4KFsecret") == 0));
407 ASSERT_TRUE(refresh_token.refresh_token != nullptr &&
408 (strcmp(refresh_token.refresh_token,
409 "1/Blahblasj424jladJDSGNf-u4Sua3HDA2ngjd42") == 0));
410 grpc_auth_refresh_token_destruct(&refresh_token);
411 }
412
TEST(JsonTokenTest,ParseRefreshTokenFailureNoType)413 TEST(JsonTokenTest, ParseRefreshTokenFailureNoType) {
414 const char refresh_token_str[] =
415 "{ \"client_id\": \"32555999999.apps.googleusercontent.com\","
416 " \"client_secret\": \"EmssLNjJy1332hD4KFsecret\","
417 " \"refresh_token\": \"1/Blahblasj424jladJDSGNf-u4Sua3HDA2ngjd42\"}";
418 grpc_auth_refresh_token refresh_token =
419 grpc_auth_refresh_token_create_from_string(refresh_token_str);
420 ASSERT_FALSE(grpc_auth_refresh_token_is_valid(&refresh_token));
421 }
422
TEST(JsonTokenTest,ParseRefreshTokenFailureNoClientId)423 TEST(JsonTokenTest, ParseRefreshTokenFailureNoClientId) {
424 const char refresh_token_str[] =
425 "{ \"client_secret\": \"EmssLNjJy1332hD4KFsecret\","
426 " \"refresh_token\": \"1/Blahblasj424jladJDSGNf-u4Sua3HDA2ngjd42\","
427 " \"type\": \"authorized_user\"}";
428 grpc_auth_refresh_token refresh_token =
429 grpc_auth_refresh_token_create_from_string(refresh_token_str);
430 ASSERT_FALSE(grpc_auth_refresh_token_is_valid(&refresh_token));
431 }
432
TEST(JsonTokenTest,ParseRefreshTokenFailureNoClientSecret)433 TEST(JsonTokenTest, ParseRefreshTokenFailureNoClientSecret) {
434 const char refresh_token_str[] =
435 "{ \"client_id\": \"32555999999.apps.googleusercontent.com\","
436 " \"refresh_token\": \"1/Blahblasj424jladJDSGNf-u4Sua3HDA2ngjd42\","
437 " \"type\": \"authorized_user\"}";
438 grpc_auth_refresh_token refresh_token =
439 grpc_auth_refresh_token_create_from_string(refresh_token_str);
440 ASSERT_FALSE(grpc_auth_refresh_token_is_valid(&refresh_token));
441 }
442
TEST(JsonTokenTest,ParseRefreshTokenFailureNoRefreshToken)443 TEST(JsonTokenTest, ParseRefreshTokenFailureNoRefreshToken) {
444 const char refresh_token_str[] =
445 "{ \"client_id\": \"32555999999.apps.googleusercontent.com\","
446 " \"client_secret\": \"EmssLNjJy1332hD4KFsecret\","
447 " \"type\": \"authorized_user\"}";
448 grpc_auth_refresh_token refresh_token =
449 grpc_auth_refresh_token_create_from_string(refresh_token_str);
450 ASSERT_FALSE(grpc_auth_refresh_token_is_valid(&refresh_token));
451 }
452
main(int argc,char ** argv)453 int main(int argc, char** argv) {
454 grpc::testing::TestEnvironment env(&argc, argv);
455 ::testing::InitGoogleTest(&argc, argv);
456 grpc::testing::TestGrpcScope grpc_scope;
457 return RUN_ALL_TESTS();
458 }
459