Chiebot-Mirror
/
grpc
8
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #22656 from grpc/zhen_core_test_improvement_2

Browse Source 
[4/n] Avoid using hardcoded test credentials
pull/22669/head
ZhenLian 5 years ago committed by GitHub
parent 97ea8ed66f 096c276182
commit 5aee7d3bc6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 136 additions and 40 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 15
      test/core/security/BUILD
  2. 58
      test/core/security/grpc_tls_credentials_options_test.cc
  3. 33
      test/core/security/ssl_server_fuzzer.cc
  4. 33
      test/core/security/tls_security_connector_test.cc
  5. 5
      test/core/surface/BUILD
  6. 28
      test/core/surface/sequential_connectivity_test.cc
  7. 4
      test/core/util/grpc_fuzzer.bzl

15
test/core/security/BUILD
Unescape View File

@ -37,6 +37,11 @@ grpc_fuzzer(
name = "ssl_server_fuzzer", name = "ssl_server_fuzzer",
srcs = ["ssl_server_fuzzer.cc"], srcs = ["ssl_server_fuzzer.cc"],
corpus = "corpus/ssl_server_corpus", corpus = "corpus/ssl_server_corpus",
data = [
"//src/core/tsi/test_creds:ca.pem",
"//src/core/tsi/test_creds:server1.key",
"//src/core/tsi/test_creds:server1.pem",
],
language = "C++", language = "C++",
tags = ["no_windows"], tags = ["no_windows"],
deps = [ deps = [
@ -248,6 +253,11 @@ grpc_cc_test(
grpc_cc_test( grpc_cc_test(
name = "tls_security_connector_test", name = "tls_security_connector_test",
srcs = ["tls_security_connector_test.cc"], srcs = ["tls_security_connector_test.cc"],
data = [
"//src/core/tsi/test_creds:ca.pem",
"//src/core/tsi/test_creds:server1.key",
"//src/core/tsi/test_creds:server1.pem",
],
external_deps = [ external_deps = [
"gtest", "gtest",
], ],
@ -266,6 +276,11 @@ grpc_cc_test(
grpc_cc_test( grpc_cc_test(
name = "grpc_tls_credentials_options_test", name = "grpc_tls_credentials_options_test",
srcs = ["grpc_tls_credentials_options_test.cc"], srcs = ["grpc_tls_credentials_options_test.cc"],
data = [
"//src/core/tsi/test_creds:ca.pem",
"//src/core/tsi/test_creds:server1.key",
"//src/core/tsi/test_creds:server1.pem",
],
external_deps = ["gtest"], external_deps = ["gtest"],
language = "C++", language = "C++",
deps = [ deps = [

58
test/core/security/grpc_tls_credentials_options_test.cc
Unescape View File

@ -17,7 +17,6 @@
*/ */
#include "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h" #include "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h"
#include "test/core/end2end/data/ssl_test_data.h"
#include <gmock/gmock.h> #include <gmock/gmock.h>
#include <grpc/support/alloc.h> #include <grpc/support/alloc.h>
@ -25,28 +24,61 @@
#include <grpc/support/string_util.h> #include <grpc/support/string_util.h>
#include <gtest/gtest.h> #include <gtest/gtest.h>
#include "src/core/lib/iomgr/load_file.h"
#define CA_CERT_PATH "src/core/tsi/test_creds/ca.pem"
#define SERVER_CERT_PATH "src/core/tsi/test_creds/server1.pem"
#define SERVER_KEY_PATH "src/core/tsi/test_creds/server1.key"
namespace testing { namespace testing {
static void SetKeyMaterials(grpc_tls_key_materials_config* config) { static void SetKeyMaterials(grpc_tls_key_materials_config* config) {
const grpc_ssl_pem_key_cert_pair pem_key_pair = { grpc_slice ca_slice, cert_slice, key_slice;
test_server1_key, GPR_ASSERT(GRPC_LOG_IF_ERROR("load_file",
test_server1_cert, grpc_load_file(CA_CERT_PATH, 1, &ca_slice)));
}; GPR_ASSERT(GRPC_LOG_IF_ERROR(
const auto* pem_key_pair_ptr = &pem_key_pair; "load_file", grpc_load_file(SERVER_CERT_PATH, 1, &cert_slice)));
grpc_tls_key_materials_config_set_key_materials(config, test_root_cert, GPR_ASSERT(GRPC_LOG_IF_ERROR("load_file",
&pem_key_pair_ptr, 1); grpc_load_file(SERVER_KEY_PATH, 1, &key_slice)));
const char* ca_cert =
reinterpret_cast<const char*> GRPC_SLICE_START_PTR(ca_slice);
const char* server_cert =
reinterpret_cast<const char*> GRPC_SLICE_START_PTR(cert_slice);
const char* server_key =
reinterpret_cast<const char*> GRPC_SLICE_START_PTR(key_slice);
grpc_ssl_pem_key_cert_pair pem_key_cert_pair = {server_key, server_cert};
const auto* pem_key_cert_pair_ptr = &pem_key_cert_pair;
grpc_tls_key_materials_config_set_key_materials(config, ca_cert,
&pem_key_cert_pair_ptr, 1);
grpc_slice_unref(cert_slice);
grpc_slice_unref(key_slice);
grpc_slice_unref(ca_slice);
} }
TEST(GrpcTlsCredentialsOptionsTest, SetKeyMaterials) { TEST(GrpcTlsCredentialsOptionsTest, SetKeyMaterials) {
grpc_tls_key_materials_config* config = grpc_tls_key_materials_config* config =
grpc_tls_key_materials_config_create(); grpc_tls_key_materials_config_create();
SetKeyMaterials(config); SetKeyMaterials(config);
EXPECT_STREQ(config->pem_root_certs(), test_root_cert); grpc_slice ca_slice, cert_slice, key_slice;
GPR_ASSERT(GRPC_LOG_IF_ERROR("load_file",
grpc_load_file(CA_CERT_PATH, 1, &ca_slice)));
GPR_ASSERT(GRPC_LOG_IF_ERROR(
"load_file", grpc_load_file(SERVER_CERT_PATH, 1, &cert_slice)));
GPR_ASSERT(GRPC_LOG_IF_ERROR("load_file",
grpc_load_file(SERVER_KEY_PATH, 1, &key_slice)));
const char* ca_cert =
reinterpret_cast<const char*> GRPC_SLICE_START_PTR(ca_slice);
const char* server_cert =
reinterpret_cast<const char*> GRPC_SLICE_START_PTR(cert_slice);
const char* server_key =
reinterpret_cast<const char*> GRPC_SLICE_START_PTR(key_slice);
EXPECT_STREQ(config->pem_root_certs(), ca_cert);
EXPECT_EQ(config->pem_key_cert_pair_list().size(), 1); EXPECT_EQ(config->pem_key_cert_pair_list().size(), 1);
EXPECT_STREQ(config->pem_key_cert_pair_list()[0].private_key(), EXPECT_STREQ(config->pem_key_cert_pair_list()[0].private_key(), server_key);
test_server1_key); EXPECT_STREQ(config->pem_key_cert_pair_list()[0].cert_chain(), server_cert);
EXPECT_STREQ(config->pem_key_cert_pair_list()[0].cert_chain(), grpc_slice_unref(cert_slice);
test_server1_cert); grpc_slice_unref(key_slice);
grpc_slice_unref(ca_slice);
delete config; delete config;
} }

33
test/core/security/ssl_server_fuzzer.cc
Unescape View File

@ -23,9 +23,12 @@
#include "src/core/lib/iomgr/load_file.h" #include "src/core/lib/iomgr/load_file.h"
#include "src/core/lib/security/credentials/credentials.h" #include "src/core/lib/security/credentials/credentials.h"
#include "src/core/lib/security/security_connector/security_connector.h" #include "src/core/lib/security/security_connector/security_connector.h"
#include "test/core/end2end/data/ssl_test_data.h"
#include "test/core/util/mock_endpoint.h" #include "test/core/util/mock_endpoint.h"
#define CA_CERT_PATH "src/core/tsi/test_creds/ca.pem"
#define SERVER_CERT_PATH "src/core/tsi/test_creds/server1.pem"
#define SERVER_KEY_PATH "src/core/tsi/test_creds/server1.key"
bool squelch = true; bool squelch = true;
// ssl has an array of global gpr_mu's that are never released. // ssl has an array of global gpr_mu's that are never released.
// Turning this on will fail the leak check. // Turning this on will fail the leak check.
@ -66,18 +69,25 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
mock_endpoint, grpc_slice_from_copied_buffer((const char*)data, size)); mock_endpoint, grpc_slice_from_copied_buffer((const char*)data, size));
// Load key pair and establish server SSL credentials. // Load key pair and establish server SSL credentials.
grpc_ssl_pem_key_cert_pair pem_key_cert_pair;
grpc_slice ca_slice, cert_slice, key_slice; grpc_slice ca_slice, cert_slice, key_slice;
ca_slice = grpc_slice_from_static_string(test_root_cert); GPR_ASSERT(GRPC_LOG_IF_ERROR("load_file",
cert_slice = grpc_slice_from_static_string(test_server1_cert); grpc_load_file(CA_CERT_PATH, 1, &ca_slice)));
key_slice = grpc_slice_from_static_string(test_server1_key); GPR_ASSERT(GRPC_LOG_IF_ERROR(
const char* ca_cert = (const char*)GRPC_SLICE_START_PTR(ca_slice); "load_file", grpc_load_file(SERVER_CERT_PATH, 1, &cert_slice)));
pem_key_cert_pair.private_key = GPR_ASSERT(GRPC_LOG_IF_ERROR(
(const char*)GRPC_SLICE_START_PTR(key_slice); "load_file", grpc_load_file(SERVER_KEY_PATH, 1, &key_slice)));
pem_key_cert_pair.cert_chain = const char* ca_cert =
(const char*)GRPC_SLICE_START_PTR(cert_slice); reinterpret_cast<const char*> GRPC_SLICE_START_PTR(ca_slice);
const char* server_cert =
reinterpret_cast<const char*> GRPC_SLICE_START_PTR(cert_slice);
const char* server_key =
reinterpret_cast<const char*> GRPC_SLICE_START_PTR(key_slice);
grpc_ssl_pem_key_cert_pair pem_key_cert_pair = {server_key, server_cert};
grpc_server_credentials* creds = grpc_ssl_server_credentials_create( grpc_server_credentials* creds = grpc_ssl_server_credentials_create(
ca_cert, &pem_key_cert_pair, 1, 0, nullptr); ca_cert, &pem_key_cert_pair, 1, 0, nullptr);
grpc_slice_unref(cert_slice);
grpc_slice_unref(key_slice);
grpc_slice_unref(ca_slice);
// Create security connector // Create security connector
grpc_core::RefCountedPtr<grpc_server_security_connector> sc = grpc_core::RefCountedPtr<grpc_server_security_connector> sc =
@ -109,9 +119,6 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
sc.reset(DEBUG_LOCATION, "test"); sc.reset(DEBUG_LOCATION, "test");
grpc_server_credentials_release(creds); grpc_server_credentials_release(creds);
grpc_slice_unref(cert_slice);
grpc_slice_unref(key_slice);
grpc_slice_unref(ca_slice);
grpc_core::ExecCtx::Get()->Flush(); grpc_core::ExecCtx::Get()->Flush();
} }

33
test/core/security/tls_security_connector_test.cc
Unescape View File

@ -26,22 +26,39 @@
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include "src/core/lib/iomgr/load_file.h"
#include "src/core/tsi/transport_security.h" #include "src/core/tsi/transport_security.h"
#include "test/core/end2end/data/ssl_test_data.h"
#include "test/core/util/test_config.h" #include "test/core/util/test_config.h"
#define CA_CERT_PATH "src/core/tsi/test_creds/ca.pem"
#define SERVER_CERT_PATH "src/core/tsi/test_creds/server1.pem"
#define SERVER_KEY_PATH "src/core/tsi/test_creds/server1.key"
namespace { namespace {
enum CredReloadResult { FAIL, SUCCESS, UNCHANGED, ASYNC }; enum CredReloadResult { FAIL, SUCCESS, UNCHANGED, ASYNC };
void SetKeyMaterials(grpc_tls_key_materials_config* config) { void SetKeyMaterials(grpc_tls_key_materials_config* config) {
const grpc_ssl_pem_key_cert_pair pem_key_pair = { grpc_slice ca_slice, cert_slice, key_slice;
test_server1_key, GPR_ASSERT(GRPC_LOG_IF_ERROR("load_file",
test_server1_cert, grpc_load_file(CA_CERT_PATH, 1, &ca_slice)));
}; GPR_ASSERT(GRPC_LOG_IF_ERROR(
const auto* pem_key_pair_ptr = &pem_key_pair; "load_file", grpc_load_file(SERVER_CERT_PATH, 1, &cert_slice)));
grpc_tls_key_materials_config_set_key_materials(config, test_root_cert, GPR_ASSERT(GRPC_LOG_IF_ERROR("load_file",
&pem_key_pair_ptr, 1); grpc_load_file(SERVER_KEY_PATH, 1, &key_slice)));
const char* ca_cert =
reinterpret_cast<const char*> GRPC_SLICE_START_PTR(ca_slice);
const char* server_cert =
reinterpret_cast<const char*> GRPC_SLICE_START_PTR(cert_slice);
const char* server_key =
reinterpret_cast<const char*> GRPC_SLICE_START_PTR(key_slice);
grpc_ssl_pem_key_cert_pair pem_key_cert_pair = {server_key, server_cert};
const auto* pem_key_cert_pair_ptr = &pem_key_cert_pair;
grpc_tls_key_materials_config_set_key_materials(config, ca_cert,
&pem_key_cert_pair_ptr, 1);
grpc_slice_unref(cert_slice);
grpc_slice_unref(key_slice);
grpc_slice_unref(ca_slice);
} }
int CredReloadSuccess(void* /*config_user_data*/, int CredReloadSuccess(void* /*config_user_data*/,

5
test/core/surface/BUILD
Unescape View File

@ -136,6 +136,11 @@ grpc_cc_test(
grpc_cc_test( grpc_cc_test(
name = "sequential_connectivity_test", name = "sequential_connectivity_test",
srcs = ["sequential_connectivity_test.cc"], srcs = ["sequential_connectivity_test.cc"],
data = [
"//src/core/tsi/test_creds:ca.pem",
"//src/core/tsi/test_creds:server1.key",
"//src/core/tsi/test_creds:server1.pem",
],
flaky = True, # TODO(b/151696318) flaky = True, # TODO(b/151696318)
language = "C++", language = "C++",
deps = [ deps = [

28
test/core/surface/sequential_connectivity_test.cc
Unescape View File

@ -25,10 +25,14 @@
#include "src/core/lib/gprpp/host_port.h" #include "src/core/lib/gprpp/host_port.h"
#include "src/core/lib/gprpp/thd.h" #include "src/core/lib/gprpp/thd.h"
#include "src/core/lib/iomgr/exec_ctx.h" #include "src/core/lib/iomgr/exec_ctx.h"
#include "test/core/end2end/data/ssl_test_data.h" #include "src/core/lib/iomgr/load_file.h"
#include "test/core/util/port.h" #include "test/core/util/port.h"
#include "test/core/util/test_config.h" #include "test/core/util/test_config.h"
#define CA_CERT_PATH "src/core/tsi/test_creds/ca.pem"
#define SERVER_CERT_PATH "src/core/tsi/test_creds/server1.pem"
#define SERVER_KEY_PATH "src/core/tsi/test_creds/server1.key"
typedef struct test_fixture { typedef struct test_fixture {
const char* name; const char* name;
void (*add_server_port)(grpc_server* server, const char* addr); void (*add_server_port)(grpc_server* server, const char* addr);
@ -139,17 +143,33 @@ static const test_fixture insecure_test = {
}; };
static void secure_test_add_port(grpc_server* server, const char* addr) { static void secure_test_add_port(grpc_server* server, const char* addr) {
grpc_ssl_pem_key_cert_pair pem_cert_key_pair = {test_server1_key, grpc_slice cert_slice, key_slice;
test_server1_cert}; GPR_ASSERT(GRPC_LOG_IF_ERROR(
"load_file", grpc_load_file(SERVER_CERT_PATH, 1, &cert_slice)));
GPR_ASSERT(GRPC_LOG_IF_ERROR("load_file",
grpc_load_file(SERVER_KEY_PATH, 1, &key_slice)));
const char* server_cert =
reinterpret_cast<const char*> GRPC_SLICE_START_PTR(cert_slice);
const char* server_key =
reinterpret_cast<const char*> GRPC_SLICE_START_PTR(key_slice);
grpc_ssl_pem_key_cert_pair pem_key_cert_pair = {server_key, server_cert};
grpc_server_credentials* ssl_creds = grpc_ssl_server_credentials_create( grpc_server_credentials* ssl_creds = grpc_ssl_server_credentials_create(
nullptr, &pem_cert_key_pair, 1, 0, nullptr); nullptr, &pem_key_cert_pair, 1, 0, nullptr);
grpc_slice_unref(cert_slice);
grpc_slice_unref(key_slice);
grpc_server_add_secure_http2_port(server, addr, ssl_creds); grpc_server_add_secure_http2_port(server, addr, ssl_creds);
grpc_server_credentials_release(ssl_creds); grpc_server_credentials_release(ssl_creds);
} }
static grpc_channel* secure_test_create_channel(const char* addr) { static grpc_channel* secure_test_create_channel(const char* addr) {
grpc_slice ca_slice;
GPR_ASSERT(GRPC_LOG_IF_ERROR("load_file",
grpc_load_file(CA_CERT_PATH, 1, &ca_slice)));
const char* test_root_cert =
reinterpret_cast<const char*> GRPC_SLICE_START_PTR(ca_slice);
grpc_channel_credentials* ssl_creds = grpc_channel_credentials* ssl_creds =
grpc_ssl_credentials_create(test_root_cert, nullptr, nullptr, nullptr); grpc_ssl_credentials_create(test_root_cert, nullptr, nullptr, nullptr);
grpc_slice_unref(ca_slice);
grpc_arg ssl_name_override = { grpc_arg ssl_name_override = {
GRPC_ARG_STRING, GRPC_ARG_STRING,
const_cast<char*>(GRPC_SSL_TARGET_NAME_OVERRIDE_ARG), const_cast<char*>(GRPC_SSL_TARGET_NAME_OVERRIDE_ARG),

4
test/core/util/grpc_fuzzer.bzl
Unescape View File

@ -14,12 +14,12 @@
load("//bazel:grpc_build_system.bzl", "grpc_cc_test") load("//bazel:grpc_build_system.bzl", "grpc_cc_test")
def grpc_fuzzer(name, corpus, srcs = [], deps = [], size = "large", **kwargs): def grpc_fuzzer(name, corpus, srcs = [], deps = [], data = [], size = "large", **kwargs):
grpc_cc_test( grpc_cc_test(
name = name, name = name,
srcs = srcs, srcs = srcs,
deps = deps + ["//test/core/util:fuzzer_corpus_test"], deps = deps + ["//test/core/util:fuzzer_corpus_test"],
data = native.glob([corpus + "/**"]), data = data + native.glob([corpus + "/**"]),
external_deps = [ external_deps = [
"gtest", "gtest",
], ],

Write Preview
Loading…
Cancel
Save