
Side by Side Diff: tokenserver/appengine/impl/serviceaccounts/grant.go

Issue 2999483002: tokenserver: Implement InspectOAuthTokenGrant RPC. (Closed)
Patch Set: Created 3 years, 4 months ago
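--- a/tokenserver/appengine/impl/serviceaccounts/grant.go
+++ b/tokenserver/appengine/impl/serviceaccounts/grant.go
@@ -1,30 +1,33 @@
 // Copyright 2017 The LUCI Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 // http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
 package serviceaccounts
 
 import (
+"time"
+
 "github.com/golang/protobuf/proto"
 "golang.org/x/net/context"
 
+"github.com/luci/luci-go/common/proto/google"
 "github.com/luci/luci-go/server/auth/signing"
 
 "github.com/luci/luci-go/tokenserver/api"
 "github.com/luci/luci-go/tokenserver/appengine/impl/utils/tokensigning"
 )
 
 // tokenSigningContext is used to make sure grant token is not misused in
 // place of some other token.
 //
 // See SigningContext in utils/tokensigning.Signer.
@@ -42,10 +45,40 @@
 Wrap: func(w *tokensigning.Unwrapped) proto.Message {
 return &tokenserver.OAuthTokenGrantEnvelope{
 TokenBody: w.Body,
 Pkcs1Sha256Sig: w.RsaSHA256Sig,
 KeyId: w.KeyID,
 }
 },
 }
 return s.SignToken(c, tok)
 }
+
+// InspectGrant returns information about the OAuth grant.
+//
+// Inspection.Envelope is either nil or *tokenserver.OAuthTokenGrantEnvelope.
+// Inspection.Body is either nil or *tokenserver.OAuthTokenGrantBody.
+func InspectGrant(c context.Context, certs tokensigning.CertificatesSupplier, to k string) (*tokensigning.Inspection, error) {
+i := tokensigning.Inspector{
+Certificates: certs,
+SigningContext: tokenSigningContext,
+Envelope: func() proto.Message { return &tokenserver.OAuth TokenGrantEnvelope{} },
+Body: func() proto.Message { return &tokenserver.OAuth TokenGrantBody{} },
+Unwrap: func(e proto.Message) tokensigning.Unwrapped {
+env := e.(*tokenserver.OAuthTokenGrantEnvelope)
+return tokensigning.Unwrapped{
+Body: env.TokenBody,
+RsaSHA256Sig: env.Pkcs1Sha256Sig,
+KeyID: env.KeyId,
+}
+},
+Lifespan: func(b proto.Message) tokensigning.Lifespan {
+body := b.(*tokenserver.OAuthTokenGrantBody)
+issuedAt := google.TimeFromProto(body.IssuedAt)
+return tokensigning.Lifespan{
+NotBefore: issuedAt,
+NotAfter: issuedAt.Add(time.Duration(body.Valid ityDuration) * time.Second),
+}
+},
+}
+return i.InspectToken(c, tok)
+}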
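Review bot: In the `Lifespan` callback of InspectGrant (new line 79), `time.Duration(body.ValidityDuration) * time.Second` multiplies a field read straight from the token body with no range check. A negative value puts `NotAfter` before `NotBefore`, and a very large one silently wraps the int64 duration. Whether this callback can run on a body whose signature has not been verified is decided inside tokensigning.Inspector, which is not shown here; if it can, the field is caller-controlled and the reported lifespan should not be trusted as is. I would bound it before the multiplication, for example `if d := body.ValidityDuration; d < 0 || d > maxValiditySec { /* report as expired */ }`, where `maxValiditySec` is a placeholder for whatever limit the minting side enforces. The doc comment could also state that a nil error from InspectGrant does not by itself mean the grant is valid, if that is how `Inspection` is meant to be read.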