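/*
 *
 * Copyright 2015 gRPC authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */

#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_JWT_JSON_TOKEN_H
#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_JWT_JSON_TOKEN_H

#include <grpc/support/port_platform.h>

#include "src/core/tsi/grpc_shadow_boringssl.h"

#include <grpc/slice.h>
#include <openssl/rsa.h>

#include "src/core/lib/json/json.h"

/* NOTE(review): gpr_timespec is used in the prototypes below but no time
   header is included directly; it is presumably provided transitively by the
   includes above -- confirm, so that this header stays self-contained. */

/* --- Constants. --- */

/* Audience string for JWTs; by its name and value, the Google OAuth2 token
   endpoint. */
#define GRPC_JWT_OAUTH2_AUDIENCE "https://www.googleapis.com/oauth2/v3/token"

/* --- auth_json_key parsing. --- */

/* Parsed form of an auth JSON key.

   This object carries private key material (private_key). Keep its lifetime
   as short as possible, do not copy it by value into long-lived structures,
   and release it with grpc_auth_json_key_destruct() when it is no longer
   needed. */
typedef struct {
  /* Key type tag. Declared const, unlike the other string fields --
     presumably not owned by this object; confirm in the implementation. */
  const char* type;
  /* Identifier of the private key. */
  char* private_key_id;
  /* Client id from the key file. */
  char* client_id;
  /* Client e-mail from the key file. */
  char* client_email;
  /* RSA private key used for signing. Secret: never log or serialize it. */
  RSA* private_key;
} grpc_auth_json_key;

/* Returns 1 if the object is valid, 0 otherwise.

   The create functions below report parse failures only through an invalid
   object, so call this on every freshly created key before using it. */
int grpc_auth_json_key_is_valid(const grpc_auth_json_key* json_key);

/* Creates a json_key object from string. Returns an invalid object if a parsing
   error has been encountered. Check the result with
   grpc_auth_json_key_is_valid() before use. */
grpc_auth_json_key grpc_auth_json_key_create_from_string(
    const char* json_string);

/* Creates a json_key object from parsed json. Returns an invalid object if a
   parsing error has been encountered. Check the result with
   grpc_auth_json_key_is_valid() before use. */
grpc_auth_json_key grpc_auth_json_key_create_from_json(const grpc_json* json);

/* Destructs the object. Presumably releases the owned string fields and the
   RSA key -- confirm in the implementation. Do not use the key afterwards. */
void grpc_auth_json_key_destruct(grpc_auth_json_key* json_key);

/* --- json token encoding and signing. --- */

/* Caller is responsible for calling gpr_free on the returned value. May return
   NULL on invalid input. The scope parameter may be NULL.

   Always check the result for NULL before use. The returned string is
   presumably the signed token itself, i.e. a bearer credential for as long as
   it is valid: do not write it to logs or error messages, and free it as soon
   as it has been consumed. token_lifetime presumably bounds the validity of
   the token; keep it as short as is practical. */
char* grpc_jwt_encode_and_sign(const grpc_auth_json_key* json_key,
                               const char* audience,
                               gpr_timespec token_lifetime, const char* scope);

/* Override encode_and_sign function for testing. Same parameters and return
   type as grpc_jwt_encode_and_sign(). */
typedef char* (*grpc_jwt_encode_and_sign_override)(
    const grpc_auth_json_key* json_key, const char* audience,
    gpr_timespec token_lifetime, const char* scope);

/* Set a custom encode_and_sign override for testing.

   The setter takes only a function pointer, so the override presumably
   applies process-wide -- confirm in the implementation. While it is set,
   tokens are presumably produced by the override rather than by the real
   signer, so it must never be installed in production code paths. How the
   override is cleared (e.g. by passing NULL) is not stated here; confirm
   before relying on it in test teardown. */
void grpc_jwt_encode_and_sign_set_override(
    grpc_jwt_encode_and_sign_override func);

#endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_JWT_JSON_TOKEN_H */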