#include "src/core/lib/security/credentials/jwt/jwt_verifier.h"#include <string.h>#include <grpc/grpc.h>#include <grpc/slice.h>#include <grpc/support/alloc.h>#include <grpc/support/log.h>#include <grpc/support/string_util.h>#include "src/core/lib/http/httpcli.h"#include "src/core/lib/security/credentials/jwt/json_token.h"#include "src/core/lib/slice/b64.h"#include "test/core/util/test_config.h"
Include dependency graph for jwt_verifier_test.cc:
Go to the source code of this file.
Classes | |
| struct | verifier_test_config |
Variables | |
| static const char | claims_with_bad_subject [] |
| static const char | claims_without_time_constraint [] |
| static grpc_jwt_verifier_email_domain_key_url_mapping | custom_mapping |
| static const char | expected_audience [] = "https://foo.com" |
| static gpr_timespec | expected_lifetime = {3600, 0, GPR_TIMESPAN} |
| static const char | expected_user_data [] = "user data" |
| static const char | expired_claims [] |
| static const char | good_google_email_keys_part1 [] |
| static const char | good_google_email_keys_part2 [] |
| static const char | good_jwk_set [] |
| static const char | good_openid_config [] |
| static const char | invalid_claims [] |
| static const char | json_key_str_part1 [] |
| static const char | json_key_str_part2 [] |
| static const char | json_key_str_part3_for_custom_email_issuer [] |
| static const char | json_key_str_part3_for_google_email_issuer [] |
| static const char | json_key_str_part3_for_url_issuer [] |
Function Documentation
◆ corrupt_jwt_sig()
|
static |
Definition at line 560 of file jwt_verifier_test.cc.
◆ good_google_email_keys()
|
static |
Definition at line 322 of file jwt_verifier_test.cc.
◆ http_response()
|
static |
Definition at line 333 of file jwt_verifier_test.cc.
◆ httpcli_get_bad_json()
|
static |
Definition at line 502 of file jwt_verifier_test.cc.
◆ httpcli_get_custom_keys_for_email()
|
static |
Definition at line 408 of file jwt_verifier_test.cc.
◆ httpcli_get_google_keys_for_email()
|
static |
Definition at line 360 of file jwt_verifier_test.cc.
◆ httpcli_get_jwk_set()
|
static |
Definition at line 443 of file jwt_verifier_test.cc.
◆ httpcli_get_openid_config()
|
static |
Definition at line 455 of file jwt_verifier_test.cc.
◆ httpcli_get_should_not_be_called()
|
static |
Definition at line 613 of file jwt_verifier_test.cc.
◆ httpcli_post_should_not_be_called()
|
static |
Definition at line 342 of file jwt_verifier_test.cc.
◆ httpcli_put_should_not_be_called()
|
static |
Definition at line 351 of file jwt_verifier_test.cc.
◆ json_key_str()
|
static |
Definition at line 309 of file jwt_verifier_test.cc.
◆ main()
Definition at line 647 of file jwt_verifier_test.cc.
◆ on_verification_bad_format()
|
static |
Definition at line 621 of file jwt_verifier_test.cc.
◆ on_verification_bad_signature()
|
static |
Definition at line 580 of file jwt_verifier_test.cc.
◆ on_verification_key_retrieval_error()
|
static |
Definition at line 494 of file jwt_verifier_test.cc.
◆ on_verification_success()
|
static |
Definition at line 374 of file jwt_verifier_test.cc.
◆ test_bad_audience_claims_failure()
|
static |
Definition at line 273 of file jwt_verifier_test.cc.
◆ test_bad_subject_claims_failure()
|
static |
Definition at line 291 of file jwt_verifier_test.cc.
◆ test_claims_success()
|
static |
Definition at line 207 of file jwt_verifier_test.cc.
◆ test_expired_claims_failure()
|
static |
Definition at line 230 of file jwt_verifier_test.cc.
◆ test_invalid_claims_failure()
|
static |
Definition at line 260 of file jwt_verifier_test.cc.
◆ test_jwt_issuer_email_domain()
|
static |
Definition at line 175 of file jwt_verifier_test.cc.
◆ test_jwt_verifier_bad_format()
|
static |
Definition at line 629 of file jwt_verifier_test.cc.
◆ test_jwt_verifier_bad_json_key()
|
static |
Definition at line 536 of file jwt_verifier_test.cc.
◆ test_jwt_verifier_bad_signature()
|
static |
Definition at line 588 of file jwt_verifier_test.cc.
◆ test_jwt_verifier_custom_email_issuer_success()
|
static |
Definition at line 419 of file jwt_verifier_test.cc.
◆ test_jwt_verifier_google_email_issuer_success()
|
static |
Definition at line 384 of file jwt_verifier_test.cc.
◆ test_jwt_verifier_url_issuer_bad_config()
|
static |
Definition at line 512 of file jwt_verifier_test.cc.
◆ test_jwt_verifier_url_issuer_success()
|
static |
Definition at line 470 of file jwt_verifier_test.cc.
Variable Documentation
◆ claims_with_bad_subject
|
static |
Initial value:
=
"{ \"aud\": \"https://foo.com\","
" \"iss\": \"evil@blah.foo.com\","
" \"sub\": \"juju@blah.foo.com\","
" \"jti\": \"jwtuniqueid\","
" \"foo\": \"bar\"}"
Definition at line 155 of file jwt_verifier_test.cc.
◆ claims_without_time_constraint
|
static |
Initial value:
=
"{ \"aud\": \"https://foo.com\","
" \"iss\": \"blah.foo.com\","
" \"sub\": \"juju@blah.foo.com\","
" \"jti\": \"jwtuniqueid\","
" \"foo\": \"bar\"}"
Definition at line 148 of file jwt_verifier_test.cc.
◆ custom_mapping
|
static |
Initial value:
= {
"bar.com", "keys.bar.com/jwk"}
Definition at line 83 of file jwt_verifier_test.cc.
◆ expected_audience
|
static |
Definition at line 125 of file jwt_verifier_test.cc.
◆ expected_lifetime
|
static |
Definition at line 105 of file jwt_verifier_test.cc.
◆ expected_user_data
Definition at line 86 of file jwt_verifier_test.cc.
◆ expired_claims
|
static |
Initial value:
=
"{ \"aud\": \"https://foo.com\","
" \"iss\": \"blah.foo.com\","
" \"sub\": \"juju@blah.foo.com\","
" \"jti\": \"jwtuniqueid\","
" \"iat\": 100,"
" \"exp\": 120,"
" \"nbf\": 60,"
" \"foo\": \"bar\"}"
Definition at line 138 of file jwt_verifier_test.cc.
◆ good_google_email_keys_part1
|
static |
Initial value:
=
"{\"e6b5137873db8d2ef81e06a47289e6434ec8a165\": \"-----BEGIN "
"CERTIFICATE-----"
"\\nMIICATCCAWoCCQDEywLhxvHjnDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJB\\nVTET"
"MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0\\ncyBQdHkgTHR"
"kMB4XDTE1MDYyOTA4Mzk1MFoXDTI1MDYyNjA4Mzk1MFowRTELMAkG\\nA1UEBhMCQVUxEzARBg"
"NVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0\\nIFdpZGdpdHMgUHR5IEx0ZDCBn"
"zANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA4S8m\\nyegefIeRdynuYkSqBYaOLDvU19cHKC56"
"RIqGjrkXFoZuydIz1IxACpWTtDasb4jQ\\n6mxPQutZC1nKNJ6D+tYFC9LiGV7gt+KOQ/"
Definition at line 107 of file jwt_verifier_test.cc.
◆ good_google_email_keys_part2
|
static |
Initial value:
=
"cnkEb4hcMw/xF/OI1FCx6cBcM0+"
"Rji\\nQkK8q7HbF0M6dUXo3t0vedNhmD65Cs2wxPP1TFUCAwEAATANBgkqhkiG9w0BAQsF\\nA"
"AOBgQBfu69FkPmBknbKNFgurPz78kbs3VNN+k/"
"PUgO5DHKskJmgK2TbtvX2VMpx\\nkftmHGzgzMzUlOtigCaGMgHWjfqjpP9uuDbahXrZBJzB8c"
"Oq7MrQF8r17qVvo3Ue\\nPjTKQMAsU8uxTEMmeuz9L6yExs0rfd6bPOrQkAoVfFfiYB3/"
"pA==\\n-----END CERTIFICATE-----\\n\"}"
Definition at line 117 of file jwt_verifier_test.cc.
◆ good_jwk_set
|
static |
Initial value:
=
"{"
" \"keys\": ["
" {"
" \"kty\": \"RSA\","
" \"alg\": \"RS256\","
" \"use\": \"sig\","
" \"kid\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\","
" \"n\": "
"\"4S8myegefIeRdynuYkSqBYaOLDvU19cHKC56RIqGjrkXFoZuydIz1IxACpWTtDasb4jQ6mxP"
"QutZC1nKNJ6D-tYFC9LiGV7gt-KOQ_cnkEb4hcMw_xF_OI1FCx6cBcM0-"
"RjiQkK8q7HbF0M6dUXo3t0vedNhmD65Cs2wxPP1TFU=\","
" \"e\": \"AQAB\""
" }"
" ]"
"}"
Definition at line 88 of file jwt_verifier_test.cc.
◆ good_openid_config
|
static |
Initial value:
=
"{"
" \"issuer\": \"https://accounts.google.com\","
" \"authorization_endpoint\": "
"\"https://accounts.google.com/o/oauth2/v2/auth\","
" \"token_endpoint\": \"https://oauth2.googleapis.com/token\","
" \"userinfo_endpoint\": \"https://www.googleapis.com/oauth2/v3/userinfo\","
" \"revocation_endpoint\": \"https://oauth2.googleapis.com/revoke\","
" \"jwks_uri\": \"https://www.googleapis.com/oauth2/v3/certs\""
"}"
Definition at line 127 of file jwt_verifier_test.cc.
◆ invalid_claims
|
static |
Initial value:
=
"{ \"aud\": \"https://foo.com\","
" \"iss\": 46,"
" \"sub\": \"juju@blah.foo.com\","
" \"jti\": \"jwtuniqueid\","
" \"foo\": \"bar\"}"
Definition at line 162 of file jwt_verifier_test.cc.
◆ json_key_str_part1
|
static |
Initial value:
=
"{ \"private_key\": \"-----BEGIN PRIVATE KEY-----"
"\\nMIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAOEvJsnoHnyHkXcp\\n7mJE"
"qg"
"WGjiw71NfXByguekSKho65FxaGbsnSM9SMQAqVk7Q2rG+I0OpsT0LrWQtZ\\nyjSeg/"
"rWBQvS4hle4LfijkP3J5BG+"
"IXDMP8RfziNRQsenAXDNPkY4kJCvKux2xdD\\nOnVF6N7dL3nTYZg+"
"uQrNsMTz9UxVAgMBAAECgYEAzbLewe1xe9vy+2GoSsfib+28\\nDZgSE6Bu/"
"zuFoPrRc6qL9p2SsnV7txrunTyJkkOnPLND9ABAXybRTlcVKP/sGgza\\n/"
"8HpCqFYM9V8f34SBWfD4fRFT+n/"
"73cfRUtGXdXpseva2lh8RilIQfPhNZAncenU\\ngqXjDvpkypEusgXAykECQQD+"
Definition at line 39 of file jwt_verifier_test.cc.
◆ json_key_str_part2
|
static |
Initial value:
=
"53XxNVnxBHsYb+AYEfklR96yVi8HywjVHP34+OQZ\\nCslxoHQM8s+"
"dBnjfScLu22JqkPv04xyxmt0QAKm9+vTdAkEA4ib7YvEAn2jXzcCI\\nEkoy2L/"
"XydR1GCHoacdfdAwiL2npOdnbvi4ZmdYRPY1LSTO058tQHKVXV7NLeCa3\\nAARh2QJBAMKeDA"
"G"
"W303SQv2cZTdbeaLKJbB5drz3eo3j7dDKjrTD9JupixFbzcGw\\n8FZi5c8idxiwC36kbAL6Hz"
"A"
"ZoX+ofI0CQE6KCzPJTtYNqyShgKAZdJ8hwOcvCZtf\\n6z8RJm0+"
"6YBd38lfh5j8mZd7aHFf6I17j5AQY7oPEc47TjJj/"
"5nZ68ECQQDvYuI3\\nLyK5fS8g0SYbmPOL9TlcHDOqwG0mrX9qpg5DC2fniXNSrrZ64GTDKdzZ"
"Y"
"Ap6LI9W\\nIqv4vr6y38N79TTC\\n-----END PRIVATE KEY-----\\n\", "
Definition at line 50 of file jwt_verifier_test.cc.
◆ json_key_str_part3_for_custom_email_issuer
|
static |
Initial value:
=
"\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", "
"\"client_email\": "
"\"foo@bar.com\", \"client_id\": "
"\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent."
"com\", \"type\": \"service_account\" }"
Definition at line 76 of file jwt_verifier_test.cc.
◆ json_key_str_part3_for_google_email_issuer
|
static |
Initial value:
=
"\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", "
"\"client_email\": "
"\"777-abaslkan11hlb6nmim3bpspl31ud@developer.gserviceaccount."
"com\", \"client_id\": "
"\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent."
"com\", \"type\": \"service_account\" }"
Definition at line 62 of file jwt_verifier_test.cc.
◆ json_key_str_part3_for_url_issuer
|
static |
Initial value:
=
"\"private_key_id\": \"e6b5137873db8d2ef81e06a47289e6434ec8a165\", "
"\"client_email\": \"accounts.google.com\", "
"\"client_id\": "
"\"777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent."
"com\", \"type\": \"service_account\" }"
Definition at line 70 of file jwt_verifier_test.cc.