Home | History | Annotate | Download | only in security 
      1 /*
      2  *
      3  * Copyright 2015 gRPC authors.
      4  *
      5  * Licensed under the Apache License, Version 2.0 (the "License");
      6  * you may not use this file except in compliance with the License.
      7  * You may obtain a copy of the License at
      8  *
      9  *     http://www.apache.org/licenses/LICENSE-2.0
     10  *
     11  * Unless required by applicable law or agreed to in writing, software
     12  * distributed under the License is distributed on an "AS IS" BASIS,
     13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     14  * See the License for the specific language governing permissions and
     15  * limitations under the License.
     16  *
     17  */
     18 
     19 #include <stdio.h>
     20 #include <string.h>
     21 
     22 #include "src/core/lib/iomgr/load_file.h"
     23 #include "src/core/lib/security/credentials/jwt/jwt_credentials.h"
     24 
     25 #include <grpc/slice.h>
     26 #include <grpc/support/alloc.h>
     27 #include <grpc/support/log.h>
     28 
     29 #include "test/core/util/cmdline.h"
     30 
     31 void create_jwt(const char* json_key_file_path, const char* service_url,
     32                 const char* scope) {
     33   grpc_auth_json_key key;
     34   char* jwt;
     35   grpc_slice json_key_data;
     36   GPR_ASSERT(GRPC_LOG_IF_ERROR(
     37       "load_file", grpc_load_file(json_key_file_path, 1, &json_key_data)));
     38   key = grpc_auth_json_key_create_from_string(
     39       reinterpret_cast<const char*> GRPC_SLICE_START_PTR(json_key_data));
     40   grpc_slice_unref(json_key_data);
     41   if (!grpc_auth_json_key_is_valid(&key)) {
     42     fprintf(stderr, "Could not parse json key.\n");
     43     fflush(stderr);
     44     exit(1);
     45   }
     46   jwt = grpc_jwt_encode_and_sign(
     47       &key, service_url == nullptr ? GRPC_JWT_OAUTH2_AUDIENCE : service_url,
     48       grpc_max_auth_token_lifetime(), scope);
     49   grpc_auth_json_key_destruct(&key);
     50   if (jwt == nullptr) {
     51     fprintf(stderr, "Could not create JWT.\n");
     52     fflush(stderr);
     53     exit(1);
     54   }
     55   fprintf(stdout, "%s\n", jwt);
     56   gpr_free(jwt);
     57 }
     58 
     59 int main(int argc, char** argv) {
     60   const char* scope = nullptr;
     61   const char* json_key_file_path = nullptr;
     62   const char* service_url = nullptr;
     63   grpc_init();
     64   gpr_cmdline* cl = gpr_cmdline_create("create_jwt");
     65   gpr_cmdline_add_string(cl, "json_key", "File path of the json key.",
     66                          &json_key_file_path);
     67   gpr_cmdline_add_string(cl, "scope",
     68                          "OPTIONAL Space delimited permissions. Mutually "
     69                          "exclusive with service_url",
     70                          &scope);
     71   gpr_cmdline_add_string(cl, "service_url",
     72                          "OPTIONAL service URL. Mutually exclusive with scope.",
     73                          &service_url);
     74   gpr_cmdline_parse(cl, argc, argv);
     75 
     76   if (json_key_file_path == nullptr) {
     77     fprintf(stderr, "Missing --json_key option.\n");
     78     fflush(stderr);
     79     exit(1);
     80   }
     81   if (scope != nullptr) {
     82     if (service_url != nullptr) {
     83       fprintf(stderr,
     84               "Options --scope and --service_url are mutually exclusive.\n");
     85       fflush(stderr);
     86       exit(1);
     87     }
     88   } else if (service_url == nullptr) {
     89     fprintf(stderr, "Need one of --service_url or --scope options.\n");
     90     fflush(stderr);
     91     exit(1);
     92   }
     93 
     94   create_jwt(json_key_file_path, service_url, scope);
     95 
     96   gpr_cmdline_destroy(cl);
     97   grpc_shutdown();
     98   return 0;
     99 }
    100