Merge github.com:grpc/grpc into churn-churn-churn-the-api-gently-down-the-stream

pull/1493/head
Craig Tiller 10 years ago
commit 0b0e979125
  1. 2
      BUILD
  2. 164
      Makefile
  3. 2
      build.json
  4. 7
      include/grpc/grpc_security.h
  5. 127
      src/core/security/auth.c
  6. 79
      src/core/security/security_context.c
  7. 48
      src/core/security/security_context.h
  8. 2
      src/core/surface/call.c
  9. 8
      src/core/surface/call.h
  10. 1
      test/core/end2end/end2end_tests.h
  11. 4
      test/core/end2end/fixtures/chttp2_fake_security.c
  12. 3
      test/core/end2end/fixtures/chttp2_simple_ssl_fullstack.c
  13. 3
      test/core/end2end/fixtures/chttp2_simple_ssl_with_oauth2_fullstack.c
  14. 66
      test/core/end2end/gen_build_json.py
  15. 338
      test/core/end2end/tests/request_response_with_payload_and_call_creds.c
  16. 2
      tools/run_tests/run_node.sh
  17. 50
      tools/run_tests/tests.json
  18. 34
      vsprojects/Grpc.mak
  19. 3
      vsprojects/grpc/grpc.vcxproj
  20. 6
      vsprojects/grpc/grpc.vcxproj.filters

@ -135,6 +135,7 @@ cc_library(
"src/core/security/secure_endpoint.h",
"src/core/security/secure_transport_setup.h",
"src/core/security/security_connector.h",
"src/core/security/security_context.h",
"src/core/tsi/fake_transport_security.h",
"src/core/tsi/ssl_transport_security.h",
"src/core/tsi/transport_security.h",
@ -240,6 +241,7 @@ cc_library(
"src/core/security/secure_endpoint.c",
"src/core/security/secure_transport_setup.c",
"src/core/security/security_connector.c",
"src/core/security/security_context.c",
"src/core/security/server_secure_chttp2.c",
"src/core/surface/init_secure.c",
"src/core/surface/secure_channel_create.c",

File diff suppressed because one or more lines are too long

@ -410,6 +410,7 @@
"src/core/security/secure_endpoint.h",
"src/core/security/secure_transport_setup.h",
"src/core/security/security_connector.h",
"src/core/security/security_context.h",
"src/core/tsi/fake_transport_security.h",
"src/core/tsi/ssl_transport_security.h",
"src/core/tsi/transport_security.h",
@ -430,6 +431,7 @@
"src/core/security/secure_endpoint.c",
"src/core/security/secure_transport_setup.c",
"src/core/security/security_connector.c",
"src/core/security/security_context.c",
"src/core/security/server_secure_chttp2.c",
"src/core/surface/init_secure.c",
"src/core/surface/secure_channel_create.c",

@ -184,6 +184,13 @@ grpc_server_credentials *grpc_fake_transport_security_server_credentials_create(
int grpc_server_add_secure_http2_port(grpc_server *server, const char *addr,
grpc_server_credentials *creds);
/* --- Call specific credentials. --- */
/* Sets a credentials to a call. Can only be called on the client side before
grpc_call_start_batch. */
grpc_call_error grpc_call_set_credentials(grpc_call *call,
grpc_credentials *creds);
#ifdef __cplusplus
}
#endif

@ -40,6 +40,7 @@
#include "src/core/support/string.h"
#include "src/core/channel/channel_stack.h"
#include "src/core/security/security_context.h"
#include "src/core/security/security_connector.h"
#include "src/core/security/credentials.h"
#include "src/core/surface/call.h"
@ -67,6 +68,15 @@ typedef struct {
grpc_mdstr *status_key;
} channel_data;
static void bubble_up_error(grpc_call_element *elem, const char *error_msg) {
call_data *calld = elem->call_data;
channel_data *chand = elem->channel_data;
grpc_transport_op_add_cancellation(
&calld->op, GRPC_STATUS_UNAUTHENTICATED,
grpc_mdstr_from_string(chand->md_ctx, error_msg));
grpc_call_next_op(elem, &calld->op);
}
static void on_credentials_metadata(void *user_data, grpc_mdelem **md_elems,
size_t num_md,
grpc_credentials_status status) {
@ -75,6 +85,10 @@ static void on_credentials_metadata(void *user_data, grpc_mdelem **md_elems,
grpc_transport_op *op = &calld->op;
grpc_metadata_batch *mdb;
size_t i;
if (status != GRPC_CREDENTIALS_OK) {
bubble_up_error(elem, "Credentials failed to get metadata.");
return;
}
GPR_ASSERT(num_md <= MAX_CREDENTIALS_METADATA_COUNT);
GPR_ASSERT(op->send_ops && op->send_ops->nops > calld->op_md_idx &&
op->send_ops->ops[calld->op_md_idx].type == GRPC_OP_METADATA);
@ -108,37 +122,48 @@ static char *build_service_url(const char *url_scheme, call_data *calld) {
static void send_security_metadata(grpc_call_element *elem,
grpc_transport_op *op) {
/* grab pointers to our data from the call element */
call_data *calld = elem->call_data;
channel_data *channeld = elem->channel_data;
channel_data *chand = elem->channel_data;
grpc_client_security_context *ctx =
(grpc_client_security_context *)op->context[GRPC_CONTEXT_SECURITY];
char *service_url = NULL;
grpc_credentials *channel_creds =
channeld->security_connector->request_metadata_creds;
/* TODO(jboeuf):
Decide on the policy in this case:
- populate both channel and call?
- the call takes precedence over the channel?
- leave this decision up to the channel credentials? */
if (calld->creds != NULL) {
gpr_log(GPR_ERROR, "Ignoring per call credentials for now.");
chand->security_connector->request_metadata_creds;
int channel_creds_has_md =
(channel_creds != NULL) &&
grpc_credentials_has_request_metadata(channel_creds);
int call_creds_has_md = (ctx != NULL) && (ctx->creds != NULL) &&
grpc_credentials_has_request_metadata(ctx->creds);
if (!channel_creds_has_md && !call_creds_has_md) {
/* Skip sending metadata altogether. */
grpc_call_next_op(elem, op);
return;
}
if (channel_creds_has_md && call_creds_has_md) {
calld->creds = grpc_composite_credentials_create(channel_creds, ctx->creds);
if (calld->creds == NULL) {
bubble_up_error(elem,
"Incompatible credentials set on channel and call.");
return;
}
} else {
calld->creds =
grpc_credentials_ref(call_creds_has_md ? ctx->creds : channel_creds);
}
if (channel_creds != NULL &&
grpc_credentials_has_request_metadata(channel_creds)) {
char *service_url =
build_service_url(channeld->security_connector->base.url_scheme, calld);
service_url =
build_service_url(chand->security_connector->base.url_scheme, calld);
calld->op = *op; /* Copy op (originates from the caller's stack). */
grpc_credentials_get_request_metadata(channel_creds, service_url,
grpc_credentials_get_request_metadata(calld->creds, service_url,
on_credentials_metadata, elem);
gpr_free(service_url);
} else {
grpc_call_next_op(elem, op);
}
}
static void on_host_checked(void *user_data, grpc_security_status status) {
grpc_call_element *elem = (grpc_call_element *)user_data;
call_data *calld = elem->call_data;
channel_data *chand = elem->channel_data;
if (status == GRPC_SECURITY_OK) {
send_security_metadata(elem, &calld->op);
@ -146,11 +171,8 @@ static void on_host_checked(void *user_data, grpc_security_status status) {
char *error_msg;
gpr_asprintf(&error_msg, "Invalid host %s set in :authority metadata.",
grpc_mdstr_as_c_string(calld->host));
grpc_transport_op_add_cancellation(
&calld->op, GRPC_STATUS_UNAUTHENTICATED,
grpc_mdstr_from_string(chand->md_ctx, error_msg));
bubble_up_error(elem, error_msg);
gpr_free(error_msg);
grpc_call_next_op(elem, &calld->op);
}
}
@ -163,7 +185,7 @@ static void auth_start_transport_op(grpc_call_element *elem,
grpc_transport_op *op) {
/* grab pointers to our data from the call element */
call_data *calld = elem->call_data;
channel_data *channeld = elem->channel_data;
channel_data *chand = elem->channel_data;
grpc_linked_mdelem *l;
size_t i;
@ -179,10 +201,10 @@ static void auth_start_transport_op(grpc_call_element *elem,
grpc_mdelem *md = l->md;
/* Pointer comparison is OK for md_elems created from the same context.
*/
if (md->key == channeld->authority_string) {
if (md->key == chand->authority_string) {
if (calld->host != NULL) grpc_mdstr_unref(calld->host);
calld->host = grpc_mdstr_ref(md->value);
} else if (md->key == channeld->path_string) {
} else if (md->key == chand->path_string) {
if (calld->method != NULL) grpc_mdstr_unref(calld->method);
calld->method = grpc_mdstr_ref(md->value);
}
@ -192,18 +214,15 @@ static void auth_start_transport_op(grpc_call_element *elem,
const char *call_host = grpc_mdstr_as_c_string(calld->host);
calld->op = *op; /* Copy op (originates from the caller's stack). */
status = grpc_channel_security_connector_check_call_host(
channeld->security_connector, call_host, on_host_checked, elem);
chand->security_connector, call_host, on_host_checked, elem);
if (status != GRPC_SECURITY_OK) {
if (status == GRPC_SECURITY_ERROR) {
char *error_msg;
gpr_asprintf(&error_msg,
"Invalid host %s set in :authority metadata.",
call_host);
grpc_transport_op_add_cancellation(
&calld->op, GRPC_STATUS_UNAUTHENTICATED,
grpc_mdstr_from_string(channeld->md_ctx, error_msg));
bubble_up_error(elem, error_msg);
gpr_free(error_msg);
grpc_call_next_op(elem, &calld->op);
}
return; /* early exit */
}
@ -228,8 +247,6 @@ static void channel_op(grpc_channel_element *elem,
static void init_call_elem(grpc_call_element *elem,
const void *server_transport_data,
grpc_transport_op *initial_op) {
/* TODO(jboeuf):
Find a way to pass-in the credentials from the caller here. */
call_data *calld = elem->call_data;
calld->creds = NULL;
calld->host = NULL;
@ -242,9 +259,7 @@ static void init_call_elem(grpc_call_element *elem,
/* Destructor for call_data */
static void destroy_call_elem(grpc_call_element *elem) {
call_data *calld = elem->call_data;
if (calld->creds != NULL) {
grpc_credentials_unref(calld->creds);
}
if (calld->host != NULL) {
grpc_mdstr_unref(calld->host);
}
@ -260,7 +275,7 @@ static void init_channel_elem(grpc_channel_element *elem,
int is_last) {
grpc_security_connector *ctx = grpc_find_security_connector_in_args(args);
/* grab pointers to our data from the channel element */
channel_data *channeld = elem->channel_data;
channel_data *chand = elem->channel_data;
/* The first and the last filters tend to be implemented differently to
handle the case that there's no 'next' filter to call on the up or down
@ -271,35 +286,35 @@ static void init_channel_elem(grpc_channel_element *elem,
/* initialize members */
GPR_ASSERT(ctx->is_client_side);
channeld->security_connector =
chand->security_connector =
(grpc_channel_security_connector *)grpc_security_connector_ref(ctx);
channeld->md_ctx = metadata_context;
channeld->authority_string =
grpc_mdstr_from_string(channeld->md_ctx, ":authority");
channeld->path_string = grpc_mdstr_from_string(channeld->md_ctx, ":path");
channeld->error_msg_key =
grpc_mdstr_from_string(channeld->md_ctx, "grpc-message");
channeld->status_key =
grpc_mdstr_from_string(channeld->md_ctx, "grpc-status");
chand->md_ctx = metadata_context;
chand->authority_string =
grpc_mdstr_from_string(chand->md_ctx, ":authority");
chand->path_string = grpc_mdstr_from_string(chand->md_ctx, ":path");
chand->error_msg_key =
grpc_mdstr_from_string(chand->md_ctx, "grpc-message");
chand->status_key =
grpc_mdstr_from_string(chand->md_ctx, "grpc-status");
}
/* Destructor for channel data */
static void destroy_channel_elem(grpc_channel_element *elem) {
/* grab pointers to our data from the channel element */
channel_data *channeld = elem->channel_data;
grpc_channel_security_connector *ctx = channeld->security_connector;
channel_data *chand = elem->channel_data;
grpc_channel_security_connector *ctx = chand->security_connector;
if (ctx != NULL) grpc_security_connector_unref(&ctx->base);
if (channeld->authority_string != NULL) {
grpc_mdstr_unref(channeld->authority_string);
if (chand->authority_string != NULL) {
grpc_mdstr_unref(chand->authority_string);
}
if (channeld->error_msg_key != NULL) {
grpc_mdstr_unref(channeld->error_msg_key);
if (chand->error_msg_key != NULL) {
grpc_mdstr_unref(chand->error_msg_key);
}
if (channeld->status_key != NULL) {
grpc_mdstr_unref(channeld->status_key);
if (chand->status_key != NULL) {
grpc_mdstr_unref(chand->status_key);
}
if (channeld->path_string != NULL) {
grpc_mdstr_unref(channeld->path_string);
if (chand->path_string != NULL) {
grpc_mdstr_unref(chand->path_string);
}
}

@ -0,0 +1,79 @@
/*
*
* Copyright 2015, Google Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following disclaimer
* in the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Google Inc. nor the names of its
* contributors may be used to endorse or promote products derived from
* this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include <string.h>
#include "src/core/security/security_context.h"
#include "src/core/surface/call.h"
#include <grpc/grpc_security.h>
#include <grpc/support/alloc.h>
#include <grpc/support/log.h>
grpc_call_error grpc_call_set_credentials(grpc_call *call,
grpc_credentials *creds) {
grpc_client_security_context *ctx = NULL;
if (!grpc_call_is_client(call)) {
gpr_log(GPR_ERROR, "Method is client-side only.");
return GRPC_CALL_ERROR_NOT_ON_SERVER;
}
if (creds != NULL && !grpc_credentials_has_request_metadata_only(creds)) {
gpr_log(GPR_ERROR, "Incompatible credentials to set on a call.");
return GRPC_CALL_ERROR;
}
ctx = (grpc_client_security_context *)grpc_call_context_get(
call, GRPC_CONTEXT_SECURITY);
if (ctx == NULL) {
ctx = grpc_client_security_context_create();
ctx->creds = grpc_credentials_ref(creds);
grpc_call_context_set(call, GRPC_CONTEXT_SECURITY, ctx,
grpc_client_security_context_destroy);
} else {
grpc_credentials_unref(ctx->creds);
ctx->creds = grpc_credentials_ref(creds);
}
return GRPC_CALL_OK;
}
grpc_client_security_context *grpc_client_security_context_create(void) {
grpc_client_security_context *ctx =
gpr_malloc(sizeof(grpc_client_security_context));
memset(ctx, 0, sizeof(grpc_client_security_context));
return ctx;
}
void grpc_client_security_context_destroy(void *ctx) {
grpc_client_security_context *c = (grpc_client_security_context *)ctx;
grpc_credentials_unref(c->creds);
gpr_free(ctx);
}

@ -0,0 +1,48 @@
/*
*
* Copyright 2015, Google Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following disclaimer
* in the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Google Inc. nor the names of its
* contributors may be used to endorse or promote products derived from
* this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef GRPC_INTERNAL_CORE_SECURITY_SECURITY_CONTEXT_H
#define GRPC_INTERNAL_CORE_SECURITY_SECURITY_CONTEXT_H
#include "src/core/security/credentials.h"
/* Security context attached to a client-side call. */
typedef struct {
grpc_credentials *creds;
} grpc_client_security_context;
grpc_client_security_context *grpc_client_security_context_create(void);
void grpc_client_security_context_destroy(void *ctx);
#endif /* GRPC_INTERNAL_CORE_SECURITY_SECURITY_CONTEXT_H */

@ -1302,3 +1302,5 @@ void grpc_call_context_set(grpc_call *call, grpc_context_index elem, void *value
void *grpc_call_context_get(grpc_call *call, grpc_context_index elem) {
return call->context[elem];
}
gpr_uint8 grpc_call_is_client(grpc_call *call) { return call->is_client; }

@ -98,12 +98,14 @@ grpc_completion_queue *grpc_call_get_completion_queue(grpc_call *call);
void grpc_call_internal_ref(grpc_call *call, const char *reason);
void grpc_call_internal_unref(grpc_call *call, const char *reason, int allow_immediate_deletion);
#define GRPC_CALL_INTERNAL_REF(call, reason) grpc_call_internal_ref(call, reason)
#define GRPC_CALL_INTERNAL_UNREF(call, reason, allow_immediate_deletion) grpc_call_internal_unref(call, reason, allow_immediate_deletion)
#define GRPC_CALL_INTERNAL_UNREF(call, reason, allow_immediate_deletion) \
grpc_call_internal_unref(call, reason, allow_immediate_deletion)
#else
void grpc_call_internal_ref(grpc_call *call);
void grpc_call_internal_unref(grpc_call *call, int allow_immediate_deletion);
#define GRPC_CALL_INTERNAL_REF(call, reason) grpc_call_internal_ref(call)
#define GRPC_CALL_INTERNAL_UNREF(call, reason, allow_immediate_deletion) grpc_call_internal_unref(call, allow_immediate_deletion)
#define GRPC_CALL_INTERNAL_UNREF(call, reason, allow_immediate_deletion) \
grpc_call_internal_unref(call, allow_immediate_deletion)
#endif
grpc_call_error grpc_call_start_ioreq_and_call_back(
@ -131,4 +133,6 @@ void *grpc_call_context_get(grpc_call *call, grpc_context_index elem);
#define GRPC_CALL_LOG_BATCH(sev, call, ops, nops, tag) \
if (grpc_trace_batch) grpc_call_log_batch(sev, call, ops, nops, tag)
gpr_uint8 grpc_call_is_client(grpc_call *call);
#endif /* GRPC_INTERNAL_CORE_SURFACE_CALL_H */

@ -41,6 +41,7 @@ typedef struct grpc_end2end_test_config grpc_end2end_test_config;
#define FEATURE_MASK_SUPPORTS_DELAYED_CONNECTION 1
#define FEATURE_MASK_SUPPORTS_HOSTNAME_VERIFICATION 2
#define FEATURE_MASK_SUPPORTS_PER_CALL_CREDENTIALS 4
struct grpc_end2end_test_fixture {
grpc_completion_queue *server_cq;

@ -112,7 +112,9 @@ static void chttp2_init_server_fake_secure_fullstack(
/* All test configurations */
static grpc_end2end_test_config configs[] = {
{"chttp2/fake_secure_fullstack", FEATURE_MASK_SUPPORTS_DELAYED_CONNECTION,
{"chttp2/fake_secure_fullstack",
FEATURE_MASK_SUPPORTS_DELAYED_CONNECTION |
FEATURE_MASK_SUPPORTS_PER_CALL_CREDENTIALS,
chttp2_create_fixture_secure_fullstack,
chttp2_init_client_fake_secure_fullstack,
chttp2_init_server_fake_secure_fullstack,

@ -124,7 +124,8 @@ static void chttp2_init_server_simple_ssl_secure_fullstack(
static grpc_end2end_test_config configs[] = {
{"chttp2/simple_ssl_fullstack",
FEATURE_MASK_SUPPORTS_DELAYED_CONNECTION |
FEATURE_MASK_SUPPORTS_HOSTNAME_VERIFICATION,
FEATURE_MASK_SUPPORTS_HOSTNAME_VERIFICATION |
FEATURE_MASK_SUPPORTS_PER_CALL_CREDENTIALS,
chttp2_create_fixture_secure_fullstack,
chttp2_init_client_simple_ssl_secure_fullstack,
chttp2_init_server_simple_ssl_secure_fullstack,

@ -129,7 +129,8 @@ static void chttp2_init_server_simple_ssl_secure_fullstack(
static grpc_end2end_test_config configs[] = {
{"chttp2/simple_ssl_with_oauth2_fullstack",
FEATURE_MASK_SUPPORTS_DELAYED_CONNECTION |
FEATURE_MASK_SUPPORTS_HOSTNAME_VERIFICATION,
FEATURE_MASK_SUPPORTS_HOSTNAME_VERIFICATION |
FEATURE_MASK_SUPPORTS_PER_CALL_CREDENTIALS,
chttp2_create_fixture_secure_fullstack,
chttp2_init_client_simple_ssl_with_oauth2_secure_fullstack,
chttp2_init_server_simple_ssl_secure_fullstack,

@ -33,6 +33,7 @@
import simplejson
import collections
# maps fixture name to whether it requires the security library
@ -46,35 +47,38 @@ END2END_FIXTURES = {
'chttp2_socket_pair_one_byte_at_a_time': False,
}
# maps tests names to whether they run fine or not (aka, not flaky)
TestOptions = collections.namedtuple('TestOptions', 'flaky secure')
default_test_options = TestOptions(False, False)
# maps test names to options
END2END_TESTS = {
'bad_hostname': True,
'cancel_after_accept': False,
'cancel_after_accept_and_writes_closed': True,
'cancel_after_invoke': True,
'cancel_before_invoke': True,
'cancel_in_a_vacuum': True,
'census_simple_request': True,
'disappearing_server': True,
'early_server_shutdown_finishes_inflight_calls': True,
'early_server_shutdown_finishes_tags': True,
'empty_batch': True,
'graceful_server_shutdown': True,
'invoke_large_request': False,
'max_concurrent_streams': True,
'max_message_length': True,
'no_op': True,
'ping_pong_streaming': True,
'registered_call': True,
'request_response_with_binary_metadata_and_payload': True,
'request_response_with_metadata_and_payload': True,
'request_response_with_payload': True,
'request_response_with_trailing_metadata_and_payload': True,
'request_with_large_metadata': True,
'request_with_payload': True,
'simple_delayed_request': True,
'simple_request': True,
'simple_request_with_high_initial_sequence_number': True,
'bad_hostname': default_test_options,
'cancel_after_accept': TestOptions(flaky=True, secure=False),
'cancel_after_accept_and_writes_closed': default_test_options,
'cancel_after_invoke': default_test_options,
'cancel_before_invoke': default_test_options,
'cancel_in_a_vacuum': default_test_options,
'census_simple_request': default_test_options,
'disappearing_server': default_test_options,
'early_server_shutdown_finishes_inflight_calls': default_test_options,
'early_server_shutdown_finishes_tags': default_test_options,
'empty_batch': default_test_options,
'graceful_server_shutdown': default_test_options,
'invoke_large_request': TestOptions(flaky=True, secure=False),
'max_concurrent_streams': default_test_options,
'max_message_length': default_test_options,
'no_op': default_test_options,
'ping_pong_streaming': default_test_options,
'registered_call': default_test_options,
'request_response_with_binary_metadata_and_payload': default_test_options,
'request_response_with_metadata_and_payload': default_test_options,
'request_response_with_payload': default_test_options,
'request_response_with_payload_and_call_creds': TestOptions(flaky=False, secure=True),
'request_with_large_metadata': default_test_options,
'request_with_payload': default_test_options,
'simple_delayed_request': default_test_options,
'simple_request': default_test_options,
'simple_request_with_high_initial_sequence_number': default_test_options,
}
@ -94,7 +98,7 @@ def main():
'name': 'end2end_test_%s' % t,
'build': 'private',
'language': 'c',
'secure': 'no',
'secure': 'check' if END2END_TESTS[t].secure else 'no',
'src': ['test/core/end2end/tests/%s.c' % t],
'headers': ['test/core/end2end/tests/cancel_test_helpers.h']
}
@ -116,7 +120,7 @@ def main():
'build': 'test',
'language': 'c',
'src': [],
'flaky': not END2END_TESTS[t],
'flaky': END2END_TESTS[t].flaky,
'deps': [
'end2end_fixture_%s' % f,
'end2end_test_%s' % t,
@ -146,7 +150,7 @@ def main():
]
}
for f in sorted(END2END_FIXTURES.keys()) if not END2END_FIXTURES[f]
for t in sorted(END2END_TESTS.keys())]}
for t in sorted(END2END_TESTS.keys()) if not END2END_TESTS[t].secure]}
print simplejson.dumps(json, sort_keys=True, indent=2 * ' ')

@ -0,0 +1,338 @@
/*
*
* Copyright 2015, Google Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following disclaimer
* in the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Google Inc. nor the names of its
* contributors may be used to endorse or promote products derived from
* this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include "test/core/end2end/end2end_tests.h"
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <grpc/grpc_security.h>
#include <grpc/byte_buffer.h>
#include <grpc/support/alloc.h>
#include <grpc/support/log.h>
#include <grpc/support/time.h>
#include <grpc/support/useful.h>
#include "test/core/end2end/cq_verifier.h"
#include "src/core/security/credentials.h"
#include "src/core/support/string.h"
static const char iam_token[] = "token";
static const char iam_selector[] = "selector";
static const char overridden_iam_token[] = "overridden_token";
static const char overridden_iam_selector[] = "overridden_selector";
typedef enum {
NONE,
OVERRIDE,
DELETE
} override_mode;
enum { TIMEOUT = 200000 };
static void *tag(gpr_intptr t) { return (void *)t; }
static grpc_end2end_test_fixture begin_test(grpc_end2end_test_config config,
const char *test_name,
grpc_channel_args *client_args,
grpc_channel_args *server_args) {
grpc_end2end_test_fixture f;
gpr_log(GPR_INFO, "%s/%s", test_name, config.name);
f = config.create_fixture(client_args, server_args);
config.init_client(&f, client_args);
config.init_server(&f, server_args);
return f;
}
static gpr_timespec n_seconds_time(int n) {
return GRPC_TIMEOUT_SECONDS_TO_DEADLINE(n);
}
static gpr_timespec five_seconds_time(void) { return n_seconds_time(5); }
static void drain_cq(grpc_completion_queue *cq) {
grpc_event *ev;
grpc_completion_type type;
do {
ev = grpc_completion_queue_next(cq, five_seconds_time());
GPR_ASSERT(ev);
type = ev->type;
grpc_event_finish(ev);
} while (type != GRPC_QUEUE_SHUTDOWN);
}
static void shutdown_server(grpc_end2end_test_fixture *f) {
if (!f->server) return;
grpc_server_shutdown(f->server);
grpc_server_destroy(f->server);
f->server = NULL;
}
static void shutdown_client(grpc_end2end_test_fixture *f) {
if (!f->client) return;
grpc_channel_destroy(f->client);
f->client = NULL;
}
static void end_test(grpc_end2end_test_fixture *f) {
shutdown_server(f);
shutdown_client(f);
grpc_completion_queue_shutdown(f->server_cq);
drain_cq(f->server_cq);
grpc_completion_queue_destroy(f->server_cq);
grpc_completion_queue_shutdown(f->client_cq);
drain_cq(f->client_cq);
grpc_completion_queue_destroy(f->client_cq);
}
static void test_call_creds_failure(grpc_end2end_test_config config) {
grpc_call *c;
grpc_credentials *creds = NULL;
grpc_end2end_test_fixture f = begin_test(config, __FUNCTION__, NULL, NULL);
gpr_timespec deadline = five_seconds_time();
c = grpc_channel_create_call(f.client, f.client_cq, "/foo",
"foo.test.google.fr", deadline);
GPR_ASSERT(c);
/* Try with credentials unfit to be set on a call (channel creds). */
creds = grpc_fake_transport_security_credentials_create();
GPR_ASSERT(grpc_call_set_credentials(c, creds) != GRPC_CALL_OK);
grpc_credentials_release(creds);
end_test(&f);
config.tear_down_data(&f);
}
static void request_response_with_payload_and_call_creds(
const char *test_name, grpc_end2end_test_config config,
override_mode mode) {
grpc_call *c;
grpc_call *s;
gpr_slice request_payload_slice = gpr_slice_from_copied_string("hello world");
gpr_slice response_payload_slice = gpr_slice_from_copied_string("hello you");
grpc_byte_buffer *request_payload =
grpc_byte_buffer_create(&request_payload_slice, 1);
grpc_byte_buffer *response_payload =
grpc_byte_buffer_create(&response_payload_slice, 1);
gpr_timespec deadline = five_seconds_time();
grpc_end2end_test_fixture f = begin_test(config, test_name, NULL, NULL);
cq_verifier *v_client = cq_verifier_create(f.client_cq);
cq_verifier *v_server = cq_verifier_create(f.server_cq);
grpc_op ops[6];
grpc_op *op;
grpc_metadata_array initial_metadata_recv;
grpc_metadata_array trailing_metadata_recv;
grpc_metadata_array request_metadata_recv;
grpc_byte_buffer *request_payload_recv = NULL;
grpc_byte_buffer *response_payload_recv = NULL;
grpc_call_details call_details;
grpc_status_code status;
char *details = NULL;
size_t details_capacity = 0;
int was_cancelled = 2;
grpc_credentials *creds = NULL;
c = grpc_channel_create_call(f.client, f.client_cq, "/foo",
"foo.test.google.fr", deadline);
GPR_ASSERT(c);
creds = grpc_iam_credentials_create(iam_token, iam_selector);
GPR_ASSERT(creds != NULL);
GPR_ASSERT(grpc_call_set_credentials(c, creds) == GRPC_CALL_OK);
switch (mode) {
case NONE:
break;
case OVERRIDE:
grpc_credentials_release(creds);
creds = grpc_iam_credentials_create(overridden_iam_token,
overridden_iam_selector);
GPR_ASSERT(creds != NULL);
GPR_ASSERT(grpc_call_set_credentials(c, creds) == GRPC_CALL_OK);
break;
case DELETE:
GPR_ASSERT(grpc_call_set_credentials(c, NULL) == GRPC_CALL_OK);
break;
}
grpc_credentials_release(creds);
grpc_metadata_array_init(&initial_metadata_recv);
grpc_metadata_array_init(&trailing_metadata_recv);
grpc_metadata_array_init(&request_metadata_recv);
grpc_call_details_init(&call_details);
op = ops;
op->op = GRPC_OP_SEND_INITIAL_METADATA;
op->data.send_initial_metadata.count = 0;
op++;
op->op = GRPC_OP_SEND_MESSAGE;
op->data.send_message = request_payload;
op++;
op->op = GRPC_OP_SEND_CLOSE_FROM_CLIENT;
op++;
op->op = GRPC_OP_RECV_INITIAL_METADATA;
op->data.recv_initial_metadata = &initial_metadata_recv;
op++;
op->op = GRPC_OP_RECV_MESSAGE;
op->data.recv_message = &response_payload_recv;
op++;
op->op = GRPC_OP_RECV_STATUS_ON_CLIENT;
op->data.recv_status_on_client.trailing_metadata = &trailing_metadata_recv;
op->data.recv_status_on_client.status = &status;
op->data.recv_status_on_client.status_details = &details;
op->data.recv_status_on_client.status_details_capacity = &details_capacity;
op++;
GPR_ASSERT(GRPC_CALL_OK == grpc_call_start_batch(c, ops, op - ops, tag(1)));
GPR_ASSERT(GRPC_CALL_OK == grpc_server_request_call(f.server, &s,
&call_details,
&request_metadata_recv,
f.server_cq, tag(101)));
cq_expect_completion(v_server, tag(101), GRPC_OP_OK);
cq_verify(v_server);
/* Cannot set creds on the server call object. */
GPR_ASSERT(grpc_call_set_credentials(s, NULL) != GRPC_CALL_OK);
op = ops;
op->op = GRPC_OP_SEND_INITIAL_METADATA;
op->data.send_initial_metadata.count = 0;
op++;
op->op = GRPC_OP_SEND_MESSAGE;
op->data.send_message = response_payload;
op++;
op->op = GRPC_OP_SEND_STATUS_FROM_SERVER;
op->data.send_status_from_server.trailing_metadata_count = 0;
op->data.send_status_from_server.status = GRPC_STATUS_OK;
op->data.send_status_from_server.status_details = "xyz";
op++;
op->op = GRPC_OP_RECV_MESSAGE;
op->data.recv_message = &request_payload_recv;
op++;
op->op = GRPC_OP_RECV_CLOSE_ON_SERVER;
op->data.recv_close_on_server.cancelled = &was_cancelled;
op++;
GPR_ASSERT(GRPC_CALL_OK == grpc_call_start_batch(s, ops, op - ops, tag(102)));
cq_expect_completion(v_server, tag(102), GRPC_OP_OK);
cq_verify(v_server);
cq_expect_completion(v_client, tag(1), GRPC_OP_OK);
cq_verify(v_client);
GPR_ASSERT(status == GRPC_STATUS_OK);
GPR_ASSERT(0 == strcmp(details, "xyz"));
GPR_ASSERT(0 == strcmp(call_details.method, "/foo"));
GPR_ASSERT(0 == strcmp(call_details.host, "foo.test.google.fr"));
GPR_ASSERT(was_cancelled == 0);
GPR_ASSERT(byte_buffer_eq_string(request_payload_recv, "hello world"));
GPR_ASSERT(byte_buffer_eq_string(response_payload_recv, "hello you"));
switch (mode) {
case NONE:
GPR_ASSERT(contains_metadata(&request_metadata_recv,
GRPC_IAM_AUTHORIZATION_TOKEN_METADATA_KEY,
iam_token));
GPR_ASSERT(contains_metadata(&request_metadata_recv,
GRPC_IAM_AUTHORITY_SELECTOR_METADATA_KEY,
iam_selector));
break;
case OVERRIDE:
GPR_ASSERT(contains_metadata(&request_metadata_recv,
GRPC_IAM_AUTHORIZATION_TOKEN_METADATA_KEY,
overridden_iam_token));
GPR_ASSERT(contains_metadata(&request_metadata_recv,
GRPC_IAM_AUTHORITY_SELECTOR_METADATA_KEY,
overridden_iam_selector));
break;
case DELETE:
GPR_ASSERT(!contains_metadata(&request_metadata_recv,
GRPC_IAM_AUTHORIZATION_TOKEN_METADATA_KEY,
iam_token));
GPR_ASSERT(!contains_metadata(&request_metadata_recv,
GRPC_IAM_AUTHORITY_SELECTOR_METADATA_KEY,
iam_selector));
GPR_ASSERT(!contains_metadata(&request_metadata_recv,
GRPC_IAM_AUTHORIZATION_TOKEN_METADATA_KEY,
overridden_iam_token));
GPR_ASSERT(!contains_metadata(&request_metadata_recv,
GRPC_IAM_AUTHORITY_SELECTOR_METADATA_KEY,
overridden_iam_selector));
break;
}
gpr_free(details);
grpc_metadata_array_destroy(&initial_metadata_recv);
grpc_metadata_array_destroy(&trailing_metadata_recv);
grpc_metadata_array_destroy(&request_metadata_recv);
grpc_call_details_destroy(&call_details);
grpc_call_destroy(c);
grpc_call_destroy(s);
cq_verifier_destroy(v_client);
cq_verifier_destroy(v_server);
grpc_byte_buffer_destroy(request_payload);
grpc_byte_buffer_destroy(response_payload);
grpc_byte_buffer_destroy(request_payload_recv);
grpc_byte_buffer_destroy(response_payload_recv);
end_test(&f);
config.tear_down_data(&f);
}
void test_request_response_with_payload_and_call_creds(
grpc_end2end_test_config config) {
request_response_with_payload_and_call_creds(__FUNCTION__, config, NONE);
}
void test_request_response_with_payload_and_overridden_call_creds(
grpc_end2end_test_config config) {
request_response_with_payload_and_call_creds(__FUNCTION__, config, OVERRIDE);
}
void test_request_response_with_payload_and_deleted_call_creds(
grpc_end2end_test_config config) {
request_response_with_payload_and_call_creds(__FUNCTION__, config, DELETE);
}
void grpc_end2end_tests(grpc_end2end_test_config config) {
if (config.feature_mask & FEATURE_MASK_SUPPORTS_PER_CALL_CREDENTIALS) {
test_call_creds_failure(config);
test_request_response_with_payload_and_call_creds(config);
test_request_response_with_payload_and_overridden_call_creds(config);
test_request_response_with_payload_and_deleted_call_creds(config);
}
}

@ -39,4 +39,4 @@ root=`pwd`
export LD_LIBRARY_PATH=$root/libs/$CONFIG
$root/src/node/node_modules/mocha/bin/mocha $root/src/node/test
$root/src/node/node_modules/mocha/bin/mocha --timeout 4000 $root/src/node/test

@ -885,7 +885,7 @@
{
"flaky": false,
"language": "c",
"name": "chttp2_fake_security_request_response_with_trailing_metadata_and_payload_test",
"name": "chttp2_fake_security_request_response_with_payload_and_call_creds_test",
"platforms": [
"windows",
"posix"
@ -1128,7 +1128,7 @@
{
"flaky": false,
"language": "c",
"name": "chttp2_fullstack_request_response_with_trailing_metadata_and_payload_test",
"name": "chttp2_fullstack_request_response_with_payload_and_call_creds_test",
"platforms": [
"windows",
"posix"
@ -1371,7 +1371,7 @@
{
"flaky": false,
"language": "c",
"name": "chttp2_fullstack_uds_request_response_with_trailing_metadata_and_payload_test",
"name": "chttp2_fullstack_uds_request_response_with_payload_and_call_creds_test",
"platforms": [
"windows",
"posix"
@ -1614,7 +1614,7 @@
{
"flaky": false,
"language": "c",
"name": "chttp2_simple_ssl_fullstack_request_response_with_trailing_metadata_and_payload_test",
"name": "chttp2_simple_ssl_fullstack_request_response_with_payload_and_call_creds_test",
"platforms": [
"windows",
"posix"
@ -1857,7 +1857,7 @@
{
"flaky": false,
"language": "c",
"name": "chttp2_simple_ssl_with_oauth2_fullstack_request_response_with_trailing_metadata_and_payload_test",
"name": "chttp2_simple_ssl_with_oauth2_fullstack_request_response_with_payload_and_call_creds_test",
"platforms": [
"windows",
"posix"
@ -2100,7 +2100,7 @@
{
"flaky": false,
"language": "c",
"name": "chttp2_socket_pair_request_response_with_trailing_metadata_and_payload_test",
"name": "chttp2_socket_pair_request_response_with_payload_and_call_creds_test",
"platforms": [
"windows",
"posix"
@ -2343,7 +2343,7 @@
{
"flaky": false,
"language": "c",
"name": "chttp2_socket_pair_one_byte_at_a_time_request_response_with_trailing_metadata_and_payload_test",
"name": "chttp2_socket_pair_one_byte_at_a_time_request_response_with_payload_and_call_creds_test",
"platforms": [
"windows",
"posix"
@ -2583,15 +2583,6 @@
"posix"
]
},
{
"flaky": false,
"language": "c",
"name": "chttp2_fullstack_request_response_with_trailing_metadata_and_payload_unsecure_test",
"platforms": [
"windows",
"posix"
]
},
{
"flaky": false,
"language": "c",
@ -2826,15 +2817,6 @@
"posix"
]
},
{
"flaky": false,
"language": "c",
"name": "chttp2_fullstack_uds_request_response_with_trailing_metadata_and_payload_unsecure_test",
"platforms": [
"windows",
"posix"
]
},
{
"flaky": false,
"language": "c",
@ -3069,15 +3051,6 @@
"posix"
]
},
{
"flaky": false,
"language": "c",
"name": "chttp2_socket_pair_request_response_with_trailing_metadata_and_payload_unsecure_test",
"platforms": [
"windows",
"posix"
]
},
{
"flaky": false,
"language": "c",
@ -3312,15 +3285,6 @@
"posix"
]
},
{
"flaky": false,
"language": "c",
"name": "chttp2_socket_pair_one_byte_at_a_time_request_response_with_trailing_metadata_and_payload_unsecure_test",
"platforms": [
"windows",
"posix"
]
},
{
"flaky": false,
"language": "c",

File diff suppressed because one or more lines are too long

@ -166,6 +166,7 @@
<ClInclude Include="..\..\src\core\security\secure_endpoint.h" />
<ClInclude Include="..\..\src\core\security\secure_transport_setup.h" />
<ClInclude Include="..\..\src\core\security\security_connector.h" />
<ClInclude Include="..\..\src\core\security\security_context.h" />
<ClInclude Include="..\..\src\core\tsi\fake_transport_security.h" />
<ClInclude Include="..\..\src\core\tsi\ssl_transport_security.h" />
<ClInclude Include="..\..\src\core\tsi\transport_security.h" />
@ -287,6 +288,8 @@
</ClCompile>
<ClCompile Include="..\..\src\core\security\security_connector.c">
</ClCompile>
<ClCompile Include="..\..\src\core\security\security_context.c">
</ClCompile>
<ClCompile Include="..\..\src\core\security\server_secure_chttp2.c">
</ClCompile>
<ClCompile Include="..\..\src\core\surface\init_secure.c">

@ -43,6 +43,9 @@
<ClCompile Include="..\..\src\core\security\security_connector.c">
<Filter>src\core\security</Filter>
</ClCompile>
<ClCompile Include="..\..\src\core\security\security_context.c">
<Filter>src\core\security</Filter>
</ClCompile>
<ClCompile Include="..\..\src\core\security\server_secure_chttp2.c">
<Filter>src\core\security</Filter>
</ClCompile>
@ -407,6 +410,9 @@
<ClInclude Include="..\..\src\core\security\security_connector.h">
<Filter>src\core\security</Filter>
</ClInclude>
<ClInclude Include="..\..\src\core\security\security_context.h">
<Filter>src\core\security</Filter>
</ClInclude>
<ClInclude Include="..\..\src\core\tsi\fake_transport_security.h">
<Filter>src\core\tsi</Filter>
</ClInclude>

Loading…
Cancel
Save