jwt_verifier.cc File Reference
#include <grpc/support/port_platform.h>
#include "src/core/lib/security/credentials/jwt/jwt_verifier.h"
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include <map>
#include <memory>
#include <string>
#include <utility>
#include <vector>
#include <openssl/bio.h>
#include <openssl/bn.h>
#include <openssl/crypto.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
#include <openssl/x509.h>
#include "absl/status/statusor.h"
#include "absl/strings/string_view.h"
#include <grpc/grpc.h>
#include <grpc/slice.h>
#include <grpc/support/alloc.h>
#include <grpc/support/log.h>
#include <grpc/support/string_util.h>
#include <grpc/support/time.h>
#include "src/core/lib/gprpp/manual_constructor.h"
#include "src/core/lib/gprpp/memory.h"
#include "src/core/lib/gprpp/orphanable.h"
#include "src/core/lib/http/httpcli.h"
#include "src/core/lib/http/httpcli_ssl_credentials.h"
#include "src/core/lib/http/parser.h"
#include "src/core/lib/iomgr/closure.h"
#include "src/core/lib/iomgr/error.h"
#include "src/core/lib/iomgr/exec_ctx.h"
#include "src/core/lib/iomgr/polling_entity.h"
#include "src/core/lib/security/credentials/credentials.h"
#include "src/core/lib/slice/b64.h"
#include "src/core/lib/slice/slice_internal.h"
#include "src/core/lib/slice/slice_refcount.h"
#include "src/core/lib/uri/uri_parser.h"
#include "src/core/tsi/ssl_types.h"

Classes

struct  email_key_mapping
 
struct  grpc_jwt_claims
 
struct  grpc_jwt_verifier
 
struct  jose_header
 
struct  verifier_cb_ctx
 

Enumerations

enum  http_response_index { HTTP_RESPONSE_OPENID = 0, HTTP_RESPONSE_KEYS, HTTP_RESPONSE_COUNT }
 

Functions

static BIGNUM * bignum_from_base64 (const char *b64)
 
static const EVP_MD * evp_md_from_alg (const char *alg)
 
static EVP_PKEY * extract_pkey_from_x509 (const char *x509_str)
 
static const Json * find_property_by_name (const Json &json, const char *name)
 
static EVP_PKEY * find_verification_key (const Json &json, const char *header_alg, const char *header_kid)
 
const char * grpc_jwt_claims_audience (const grpc_jwt_claims *claims)
 
grpc_jwt_verifier_status grpc_jwt_claims_check (const grpc_jwt_claims *claims, const char *audience)
 
void grpc_jwt_claims_destroy (grpc_jwt_claims *claims)
 
gpr_timespec grpc_jwt_claims_expires_at (const grpc_jwt_claims *claims)
 
grpc_jwt_claims * grpc_jwt_claims_from_json (Json json)
 
const char * grpc_jwt_claims_id (const grpc_jwt_claims *claims)
 
gpr_timespec grpc_jwt_claims_issued_at (const grpc_jwt_claims *claims)
 
const char * grpc_jwt_claims_issuer (const grpc_jwt_claims *claims)
 
const Json * grpc_jwt_claims_json (const grpc_jwt_claims *claims)
 
gpr_timespec grpc_jwt_claims_not_before (const grpc_jwt_claims *claims)
 
const char * grpc_jwt_claims_subject (const grpc_jwt_claims *claims)
 
const char * grpc_jwt_issuer_email_domain (const char *issuer)
 
grpc_jwt_verifier * grpc_jwt_verifier_create (const grpc_jwt_verifier_email_domain_key_url_mapping *mappings, size_t num_mappings)
 
void grpc_jwt_verifier_destroy (grpc_jwt_verifier *v)
 
const char * grpc_jwt_verifier_status_to_string (grpc_jwt_verifier_status status)
 
void grpc_jwt_verifier_verify (grpc_jwt_verifier *verifier, grpc_pollset *pollset, const char *jwt, const char *audience, grpc_jwt_verification_done_cb cb, void *user_data)
 
static void jose_header_destroy (jose_header *h)
 
static jose_header * jose_header_from_json (Json json)
 
static Json json_from_http (const grpc_http_response *response)
 
static void on_keys_retrieved (void *user_data, grpc_error_handle)
 
static void on_openid_config_retrieved (void *user_data, grpc_error_handle)
 
static Json parse_json_part_from_jwt (const char *str, size_t len)
 
static EVP_PKEY * pkey_from_jwk (const Json &json, const char *kty)
 
static void retrieve_key_and_verify (verifier_cb_ctx *ctx)
 
static int RSA_set0_key (RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
 
static const char * validate_string_field (const Json &json, const char *key)
 
static gpr_timespec validate_time_field (const Json &json, const char *key)
 
static verifier_cb_ctx * verifier_cb_ctx_create (grpc_jwt_verifier *verifier, grpc_pollset *pollset, jose_header *header, grpc_jwt_claims *claims, const char *audience, const grpc_slice &signature, const char *signed_jwt, size_t signed_jwt_len, void *user_data, grpc_jwt_verification_done_cb cb)
 
void verifier_cb_ctx_destroy (verifier_cb_ctx *ctx)
 
static email_key_mapping * verifier_get_mapping (grpc_jwt_verifier *v, const char *email_domain)
 
static void verifier_put_mapping (grpc_jwt_verifier *v, const char *email_domain, const char *key_url_prefix)
 
static int verify_jwt_signature (EVP_PKEY *key, const char *alg, const grpc_slice &signature, const grpc_slice &signed_data)
 

Variables

gpr_timespec grpc_jwt_verifier_clock_skew = {60, 0, GPR_TIMESPAN}
 
grpc_core::Duration grpc_jwt_verifier_max_delay
 

Enumeration Type Documentation

◆ http_response_index

Enumerator
HTTP_RESPONSE_OPENID 
HTTP_RESPONSE_KEYS 
HTTP_RESPONSE_COUNT 

Definition at line 356 of file jwt_verifier.cc.

Function Documentation

◆ bignum_from_base64()

static BIGNUM* bignum_from_base64 ( const char *  b64)
static

Definition at line 479 of file jwt_verifier.cc.

◆ evp_md_from_alg()

static const EVP_MD* evp_md_from_alg ( const char *  alg)
static

Definition at line 95 of file jwt_verifier.cc.

◆ extract_pkey_from_x509()

static EVP_PKEY* extract_pkey_from_x509 ( const char *  x509_str)
static

Definition at line 456 of file jwt_verifier.cc.

◆ find_property_by_name()

static const Json* find_property_by_name ( const Json &  json,
const char *  name 
)
static

Definition at line 448 of file jwt_verifier.cc.

◆ find_verification_key()

static EVP_PKEY* find_verification_key ( const Json &  json,
const char *  header_alg,
const char *  header_kid 
)
static

Definition at line 573 of file jwt_verifier.cc.

◆ grpc_jwt_claims_audience()

const char* grpc_jwt_claims_audience ( const grpc_jwt_claims *  claims)

Definition at line 244 of file jwt_verifier.cc.

◆ grpc_jwt_claims_check()

grpc_jwt_verifier_status grpc_jwt_claims_check ( const grpc_jwt_claims *  claims,
const char *  audience 
)

Definition at line 309 of file jwt_verifier.cc.

◆ grpc_jwt_claims_destroy()

void grpc_jwt_claims_destroy ( grpc_jwt_claims *  claims)

Definition at line 219 of file jwt_verifier.cc.

◆ grpc_jwt_claims_expires_at()

gpr_timespec grpc_jwt_claims_expires_at ( const grpc_jwt_claims *  claims)

Definition at line 254 of file jwt_verifier.cc.

◆ grpc_jwt_claims_from_json()

grpc_jwt_claims* grpc_jwt_claims_from_json ( Json  json)

Definition at line 264 of file jwt_verifier.cc.

◆ grpc_jwt_claims_id()

const char* grpc_jwt_claims_id ( const grpc_jwt_claims *  claims)

Definition at line 239 of file jwt_verifier.cc.

◆ grpc_jwt_claims_issued_at()

gpr_timespec grpc_jwt_claims_issued_at ( const grpc_jwt_claims *  claims)

Definition at line 249 of file jwt_verifier.cc.

◆ grpc_jwt_claims_issuer()

const char* grpc_jwt_claims_issuer ( const grpc_jwt_claims *  claims)

Definition at line 234 of file jwt_verifier.cc.

◆ grpc_jwt_claims_json()

const Json* grpc_jwt_claims_json ( const grpc_jwt_claims *  claims)

Definition at line 224 of file jwt_verifier.cc.

◆ grpc_jwt_claims_not_before()

gpr_timespec grpc_jwt_claims_not_before ( const grpc_jwt_claims *  claims)

Definition at line 259 of file jwt_verifier.cc.

◆ grpc_jwt_claims_subject()

const char* grpc_jwt_claims_subject ( const grpc_jwt_claims *  claims)

Definition at line 229 of file jwt_verifier.cc.

◆ grpc_jwt_issuer_email_domain()

const char* grpc_jwt_issuer_email_domain ( const char *  issuer)

Definition at line 779 of file jwt_verifier.cc.

◆ grpc_jwt_verifier_create()

grpc_jwt_verifier* grpc_jwt_verifier_create ( const grpc_jwt_verifier_email_domain_key_url_mapping *  mappings,
size_t  num_mappings 
)

Definition at line 925 of file jwt_verifier.cc.

◆ grpc_jwt_verifier_destroy()

void grpc_jwt_verifier_destroy ( grpc_jwt_verifier *  v)

Definition at line 947 of file jwt_verifier.cc.

◆ grpc_jwt_verifier_status_to_string()

const char* grpc_jwt_verifier_status_to_string ( grpc_jwt_verifier_status  status)

Definition at line 73 of file jwt_verifier.cc.

◆ grpc_jwt_verifier_verify()

void grpc_jwt_verifier_verify ( grpc_jwt_verifier *  verifier,
grpc_pollset *  pollset,
const char *  jwt,
const char *  audience,
grpc_jwt_verification_done_cb  cb,
void *  user_data 
)

Definition at line 880 of file jwt_verifier.cc.

◆ jose_header_destroy()

static void jose_header_destroy ( jose_header *  h)
static

Definition at line 153 of file jwt_verifier.cc.

◆ jose_header_from_json()

static jose_header* jose_header_from_json ( Json  json)
static

Definition at line 158 of file jwt_verifier.cc.

◆ json_from_http()

static Json json_from_http ( const grpc_http_response *  response)
static

Definition at line 428 of file jwt_verifier.cc.

◆ on_keys_retrieved()

static void on_keys_retrieved ( void *  user_data,
grpc_error_handle   
)
static

Definition at line 653 of file jwt_verifier.cc.

◆ on_openid_config_retrieved()

static void on_openid_config_retrieved ( void *  user_data,
grpc_error_handle   
)
static

Definition at line 692 of file jwt_verifier.cc.

◆ parse_json_part_from_jwt()

static Json parse_json_part_from_jwt ( const char *  str,
size_t  len 
)
static

Definition at line 107 of file jwt_verifier.cc.

◆ pkey_from_jwk()

static EVP_PKEY* pkey_from_jwk ( const Json &  json,
const char *  kty 
)
static

Definition at line 524 of file jwt_verifier.cc.

◆ retrieve_key_and_verify()

static void retrieve_key_and_verify ( verifier_cb_ctx *  ctx)
static

Definition at line 795 of file jwt_verifier.cc.

◆ RSA_set0_key()

static int RSA_set0_key ( RSA *  r,
BIGNUM *  n,
BIGNUM *  e,
BIGNUM *  d 
)
static

Definition at line 498 of file jwt_verifier.cc.

◆ validate_string_field()

static const char* validate_string_field ( const Json &  json,
const char *  key 
)
static

Definition at line 126 of file jwt_verifier.cc.

◆ validate_time_field()

static gpr_timespec validate_time_field ( const Json &  json,
const char *  key 
)
static

Definition at line 134 of file jwt_verifier.cc.

◆ verifier_cb_ctx_create()

static verifier_cb_ctx* verifier_cb_ctx_create ( grpc_jwt_verifier *  verifier,
grpc_pollset *  pollset,
jose_header *  header,
grpc_jwt_claims *  claims,
const char *  audience,
const grpc_slice &  signature,
const char *  signed_jwt,
size_t  signed_jwt_len,
void *  user_data,
grpc_jwt_verification_done_cb  cb 
)
static

Definition at line 376 of file jwt_verifier.cc.

◆ verifier_cb_ctx_destroy()

void verifier_cb_ctx_destroy ( verifier_cb_ctx *  ctx)

Definition at line 396 of file jwt_verifier.cc.

◆ verifier_get_mapping()

static email_key_mapping* verifier_get_mapping ( grpc_jwt_verifier *  v,
const char *  email_domain 
)
static

Definition at line 750 of file jwt_verifier.cc.

◆ verifier_put_mapping()

static void verifier_put_mapping ( grpc_jwt_verifier *  v,
const char *  email_domain,
const char *  key_url_prefix 
)
static

Definition at line 762 of file jwt_verifier.cc.

◆ verify_jwt_signature()

static int verify_jwt_signature ( EVP_PKEY *  key,
const char *  alg,
const grpc_slice &  signature,
const grpc_slice &  signed_data 
)
static

Definition at line 620 of file jwt_verifier.cc.

Variable Documentation

◆ grpc_jwt_verifier_clock_skew

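gpr_timespec grpc_jwt_verifier_clock_skew = {60, 0, GPR_TIMESPAN}
The initializer reads as 60 seconds, 0 nanoseconds, with clock type GPR_TIMESPAN (a duration rather than a point in time). The variable is not marked static in this listing, so code outside this file can change it; presumably it is the tolerance applied to time-based claim checks, which should be confirmed in grpc_jwt_claims_check.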

Definition at line 412 of file jwt_verifier.cc.

◆ grpc_jwt_verifier_max_delay

grpc_core::Duration grpc_jwt_verifier_max_delay
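Initial value: not captured in this extract; the initializer appears to be built with grpc_core::Duration::Minutes (referenced below).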

Definition at line 415 of file jwt_verifier.cc.

grpc_core::Duration::Minutes
static constexpr Duration Minutes(int64_t minutes)
Definition: src/core/lib/gprpp/time.h:147

