Skip to content
Snippets Groups Projects
Commit 502eb90b authored by yang-g's avatar yang-g
Browse files

redact json key

parent 3b51f0b4
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
src/core/lib/security/credentials/jwt/jwt_credentials.c
+ 42
9
View file @ 502eb90b
...@@ -144,17 +144,50 @@ grpc_service_account_jwt_access_credentials_create_from_auth_json_key( ...@@ -144,17 +144,50 @@ grpc_service_account_jwt_access_credentials_create_from_auth_json_key(
return &c->base; return &c->base;
} }
static char *redact_private_key(const char *json_key) {
const char *json_key_end = json_key + strlen(json_key);
const char *begin_cue = "BEGIN PRIVATE KEY";
const char *end_cue = "END PRIVATE KEY";
const char *redacted = " <redacted> ";
const char *begin_redact = strstr(json_key, begin_cue);
const char *end_redact = strstr(json_key, end_cue);
if (!begin_redact) {
begin_redact = json_key;
} else {
begin_redact += strlen(begin_cue);
}
if (!end_redact) {
end_redact = json_key_end;
}
GPR_ASSERT(end_redact - begin_redact >= 0);
size_t result_length =
strlen(json_key) - (size_t)(end_redact - begin_redact) + strlen(redacted);
char *clean_json = (char *)gpr_malloc(result_length + 1);
clean_json[result_length] = 0;
char *current = clean_json;
memcpy(current, json_key, (size_t)(begin_redact - json_key));
current += (begin_redact - json_key);
memcpy(current, redacted, strlen(redacted));
current += strlen(redacted);
memcpy(current, end_redact, (size_t)(json_key_end - end_redact));
return clean_json;
}
grpc_call_credentials *grpc_service_account_jwt_access_credentials_create( grpc_call_credentials *grpc_service_account_jwt_access_credentials_create(
const char *json_key, gpr_timespec token_lifetime, void *reserved) { const char *json_key, gpr_timespec token_lifetime, void *reserved) {
GRPC_API_TRACE( if (grpc_api_trace) {
"grpc_service_account_jwt_access_credentials_create(" char *clean_json = redact_private_key(json_key);
"json_key=%s, " gpr_log(GPR_INFO,
"token_lifetime=" "grpc_service_account_jwt_access_credentials_create("
"gpr_timespec { tv_sec: %" PRId64 "json_key=%s, "
", tv_nsec: %d, clock_type: %d }, " "token_lifetime="
"reserved=%p)", "gpr_timespec { tv_sec: %" PRId64
5, (json_key, token_lifetime.tv_sec, token_lifetime.tv_nsec, ", tv_nsec: %d, clock_type: %d }, "
(int)token_lifetime.clock_type, reserved)); "reserved=%p)",
clean_json, token_lifetime.tv_sec, token_lifetime.tv_nsec,
(int)token_lifetime.clock_type, reserved);
gpr_free(clean_json);
}
GPR_ASSERT(reserved == NULL); GPR_ASSERT(reserved == NULL);
return grpc_service_account_jwt_access_credentials_create_from_auth_json_key( return grpc_service_account_jwt_access_credentials_create_from_auth_json_key(
grpc_auth_json_key_create_from_string(json_key), token_lifetime); grpc_auth_json_key_create_from_string(json_key), token_lifetime);
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment