// // // Copyright 2015 gRPC authors. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. // // #ifndef GRPC_SRC_CORE_LIB_SECURITY_CREDENTIALS_JWT_JWT_VERIFIER_H #define GRPC_SRC_CORE_LIB_SECURITY_CREDENTIALS_JWT_JWT_VERIFIER_H #include <grpc/support/port_platform.h> #include <stddef.h> #include <grpc/support/time.h> #include "src/core/lib/gprpp/time.h" #include "src/core/lib/iomgr/iomgr_fwd.h" #include "src/core/lib/json/json.h" // --- Constants. --- #define GRPC_OPENID_CONFIG_URL_SUFFIX … #define GRPC_GOOGLE_SERVICE_ACCOUNTS_EMAIL_DOMAIN … #define GRPC_GOOGLE_SERVICE_ACCOUNTS_KEY_URL_PREFIX … // --- grpc_jwt_verifier_status. --- grpc_jwt_verifier_status; const char* grpc_jwt_verifier_status_to_string(grpc_jwt_verifier_status status); // --- grpc_jwt_claims. --- grpc_jwt_claims; void grpc_jwt_claims_destroy(grpc_jwt_claims* claims); // Returns the whole JSON tree of the claims. const grpc_core::Json* grpc_jwt_claims_json(const grpc_jwt_claims* claims); // Access to registered claims in https://tools.ietf.org/html/rfc7519#page-9 const char* grpc_jwt_claims_subject(const grpc_jwt_claims* claims); const char* grpc_jwt_claims_issuer(const grpc_jwt_claims* claims); const char* grpc_jwt_claims_id(const grpc_jwt_claims* claims); const char* grpc_jwt_claims_audience(const grpc_jwt_claims* claims); gpr_timespec grpc_jwt_claims_issued_at(const grpc_jwt_claims* claims); gpr_timespec grpc_jwt_claims_expires_at(const grpc_jwt_claims* claims); gpr_timespec grpc_jwt_claims_not_before(const grpc_jwt_claims* claims); // --- grpc_jwt_verifier. --- grpc_jwt_verifier; struct grpc_jwt_verifier_email_domain_key_url_mapping { … }; // Globals to control the verifier. Not thread-safe. extern gpr_timespec grpc_jwt_verifier_clock_skew; extern grpc_core::Duration grpc_jwt_verifier_max_delay; // The verifier can be created with some custom mappings to help with key // discovery in the case where the issuer is an email address. // mappings can be NULL in which case num_mappings MUST be 0. // A verifier object has one built-in mapping (unless overridden): // GRPC_GOOGLE_SERVICE_ACCOUNTS_EMAIL_DOMAIN -> // GRPC_GOOGLE_SERVICE_ACCOUNTS_KEY_URL_PREFIX. grpc_jwt_verifier* grpc_jwt_verifier_create( const grpc_jwt_verifier_email_domain_key_url_mapping* mappings, size_t num_mappings); // The verifier must not be destroyed if there are still outstanding callbacks. void grpc_jwt_verifier_destroy(grpc_jwt_verifier* verifier); // User provided callback that will be called when the verification of the JWT // is done (maybe in another thread). // It is the responsibility of the callee to call grpc_jwt_claims_destroy on // the claims. grpc_jwt_verification_done_cb; // Verifies for the JWT for the given expected audience. void grpc_jwt_verifier_verify(grpc_jwt_verifier* verifier, grpc_pollset* pollset, const char* jwt, const char* audience, grpc_jwt_verification_done_cb cb, void* user_data); // --- TESTING ONLY exposed functions. --- grpc_jwt_claims* grpc_jwt_claims_from_json(grpc_core::Json json); grpc_jwt_verifier_status grpc_jwt_claims_check(const grpc_jwt_claims* claims, const char* audience); const char* grpc_jwt_issuer_email_domain(const char* issuer); #endif // GRPC_SRC_CORE_LIB_SECURITY_CREDENTIALS_JWT_JWT_VERIFIER_H
Codebase Browser
chromium