Codebase Browser
chromium
Go to App

chromium/third_party/grpc/src/src/core/lib/security/credentials/jwt/jwt_verifier.cc 

//
//
// Copyright 2015 gRPC authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
//

#include <grpc/support/port_platform.h>

#include "src/core/lib/security/credentials/jwt/jwt_verifier.h"

#include <limits.h>
#include <stdlib.h>
#include <string.h>

#include <map>
#include <memory>
#include <string>
#include <utility>
#include <vector>

#include <openssl/bio.h>
#include <openssl/bn.h>
#include <openssl/crypto.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
#include <openssl/x509.h>

#include "absl/status/status.h"
#include "absl/status/statusor.h"
#include "absl/strings/string_view.h"

#include <grpc/grpc.h>
#include <grpc/slice.h>
#include <grpc/support/alloc.h>
#include <grpc/support/log.h>
#include <grpc/support/string_util.h>
#include <grpc/support/time.h>

#include "src/core/lib/gpr/string.h"
#include "src/core/lib/gprpp/manual_constructor.h"
#include "src/core/lib/gprpp/memory.h"
#include "src/core/lib/gprpp/orphanable.h"
#include "src/core/lib/http/httpcli.h"
#include "src/core/lib/http/httpcli_ssl_credentials.h"
#include "src/core/lib/http/parser.h"
#include "src/core/lib/iomgr/closure.h"
#include "src/core/lib/iomgr/error.h"
#include "src/core/lib/iomgr/exec_ctx.h"
#include "src/core/lib/iomgr/iomgr_fwd.h"
#include "src/core/lib/iomgr/polling_entity.h"
#include "src/core/lib/security/credentials/credentials.h"
#include "src/core/lib/slice/b64.h"
#include "src/core/lib/slice/slice.h"
#include "src/core/lib/slice/slice_internal.h"
#include "src/core/lib/uri/uri_parser.h"
#include "src/core/tsi/ssl_types.h"

Json;

// --- Utils. ---

const char* grpc_jwt_verifier_status_to_string(
    grpc_jwt_verifier_status status) {}

static const EVP_MD* evp_md_from_alg(const char* alg) {}

static Json parse_json_part_from_jwt(const char* str, size_t len) {}

static const char* validate_string_field(const Json& json, const char* key) {}

static gpr_timespec validate_time_field(const Json& json, const char* key) {}

// --- JOSE header. see http://tools.ietf.org/html/rfc7515#section-4 ---

struct jose_header {};
static void jose_header_destroy(jose_header* h) {}

static jose_header* jose_header_from_json(Json json) {}

// --- JWT claims. see http://tools.ietf.org/html/rfc7519#section-4.1

struct grpc_jwt_claims {};

void grpc_jwt_claims_destroy(grpc_jwt_claims* claims) {}

const Json* grpc_jwt_claims_json(const grpc_jwt_claims* claims) {}

const char* grpc_jwt_claims_subject(const grpc_jwt_claims* claims) {}

const char* grpc_jwt_claims_issuer(const grpc_jwt_claims* claims) {}

const char* grpc_jwt_claims_id(const grpc_jwt_claims* claims) {}

const char* grpc_jwt_claims_audience(const grpc_jwt_claims* claims) {}

gpr_timespec grpc_jwt_claims_issued_at(const grpc_jwt_claims* claims) {}

gpr_timespec grpc_jwt_claims_expires_at(const grpc_jwt_claims* claims) {}

gpr_timespec grpc_jwt_claims_not_before(const grpc_jwt_claims* claims) {}

grpc_jwt_claims* grpc_jwt_claims_from_json(Json json) {}

grpc_jwt_verifier_status grpc_jwt_claims_check(const grpc_jwt_claims* claims,
                                               const char* audience) {}

// --- verifier_cb_ctx object. ---

http_response_index;

struct verifier_cb_ctx {};
// Takes ownership of the header, claims and signature.
static verifier_cb_ctx* verifier_cb_ctx_create(
    grpc_jwt_verifier* verifier, grpc_pollset* pollset, jose_header* header,
    grpc_jwt_claims* claims, const char* audience, const grpc_slice& signature,
    const char* signed_jwt, size_t signed_jwt_len, void* user_data,
    grpc_jwt_verification_done_cb cb) {}

void verifier_cb_ctx_destroy(verifier_cb_ctx* ctx) {}

// --- grpc_jwt_verifier object. ---

// Clock skew defaults to one minute.
gpr_timespec grpc_jwt_verifier_clock_skew =;

// Max delay defaults to one minute.
grpc_core::Duration grpc_jwt_verifier_max_delay =;

struct email_key_mapping {};
struct grpc_jwt_verifier {};

static Json json_from_http(const grpc_http_response* response) {}

static const Json* find_property_by_name(const Json& json, const char* name) {}

static EVP_PKEY* extract_pkey_from_x509(const char* x509_str) {}

static BIGNUM* bignum_from_base64(const char* b64) {}

#if OPENSSL_VERSION_NUMBER < 0x10100000L

// Provide compatibility across OpenSSL 1.02 and 1.1.
static int RSA_set0_key(RSA* r, BIGNUM* n, BIGNUM* e, BIGNUM* d) {
  // If the fields n and e in r are NULL, the corresponding input
  // parameters MUST be non-NULL for n and e.  d may be
  // left NULL (in case only the public key is used).
  //
  if ((r->n == nullptr && n == nullptr) || (r->e == nullptr && e == nullptr)) {
    return 0;
  }

  if (n != nullptr) {
    BN_free(r->n);
    r->n = n;
  }
  if (e != nullptr) {
    BN_free(r->e);
    r->e = e;
  }
  if (d != nullptr) {
    BN_free(r->d);
    r->d = d;
  }

  return 1;
}
#endif  // OPENSSL_VERSION_NUMBER < 0x10100000L

static EVP_PKEY* pkey_from_jwk(const Json& json, const char* kty) {}

static EVP_PKEY* find_verification_key(const Json& json, const char* header_alg,
                                       const char* header_kid) {}

static int verify_jwt_signature(EVP_PKEY* key, const char* alg,
                                const grpc_slice& signature,
                                const grpc_slice& signed_data) {}

static void on_keys_retrieved(void* user_data, grpc_error_handle /*error*/) {}

static void on_openid_config_retrieved(void* user_data,
                                       grpc_error_handle /*error*/) {}

static email_key_mapping* verifier_get_mapping(grpc_jwt_verifier* v,
                                               const char* email_domain) {}

static void verifier_put_mapping(grpc_jwt_verifier* v, const char* email_domain,
                                 const char* key_url_prefix) {}

// Very non-sophisticated way to detect an email address. Should be good
// enough for now...
const char* grpc_jwt_issuer_email_domain(const char* issuer) {}

// Takes ownership of ctx.
static void retrieve_key_and_verify(verifier_cb_ctx* ctx) {}

void grpc_jwt_verifier_verify(grpc_jwt_verifier* verifier,
                              grpc_pollset* pollset, const char* jwt,
                              const char* audience,
                              grpc_jwt_verification_done_cb cb,
                              void* user_data) {}

grpc_jwt_verifier* grpc_jwt_verifier_create(
    const grpc_jwt_verifier_email_domain_key_url_mapping* mappings,
    size_t num_mappings) {}

void grpc_jwt_verifier_destroy(grpc_jwt_verifier* v) {}