Merge pull request #22656 from grpc/zhen_core_test_improvement_2

[4/n] Avoid using hardcoded test credentials
pull/22669/head
ZhenLian 5 years ago committed by GitHub
commit 5aee7d3bc6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 15
      test/core/security/BUILD
  2. 58
      test/core/security/grpc_tls_credentials_options_test.cc
  3. 33
      test/core/security/ssl_server_fuzzer.cc
  4. 33
      test/core/security/tls_security_connector_test.cc
  5. 5
      test/core/surface/BUILD
  6. 28
      test/core/surface/sequential_connectivity_test.cc
  7. 4
      test/core/util/grpc_fuzzer.bzl

@ -37,6 +37,11 @@ grpc_fuzzer(
name = "ssl_server_fuzzer", name = "ssl_server_fuzzer",
srcs = ["ssl_server_fuzzer.cc"], srcs = ["ssl_server_fuzzer.cc"],
corpus = "corpus/ssl_server_corpus", corpus = "corpus/ssl_server_corpus",
data = [
"//src/core/tsi/test_creds:ca.pem",
"//src/core/tsi/test_creds:server1.key",
"//src/core/tsi/test_creds:server1.pem",
],
language = "C++", language = "C++",
tags = ["no_windows"], tags = ["no_windows"],
deps = [ deps = [
@ -248,6 +253,11 @@ grpc_cc_test(
grpc_cc_test( grpc_cc_test(
name = "tls_security_connector_test", name = "tls_security_connector_test",
srcs = ["tls_security_connector_test.cc"], srcs = ["tls_security_connector_test.cc"],
data = [
"//src/core/tsi/test_creds:ca.pem",
"//src/core/tsi/test_creds:server1.key",
"//src/core/tsi/test_creds:server1.pem",
],
external_deps = [ external_deps = [
"gtest", "gtest",
], ],
@ -266,6 +276,11 @@ grpc_cc_test(
grpc_cc_test( grpc_cc_test(
name = "grpc_tls_credentials_options_test", name = "grpc_tls_credentials_options_test",
srcs = ["grpc_tls_credentials_options_test.cc"], srcs = ["grpc_tls_credentials_options_test.cc"],
data = [
"//src/core/tsi/test_creds:ca.pem",
"//src/core/tsi/test_creds:server1.key",
"//src/core/tsi/test_creds:server1.pem",
],
external_deps = ["gtest"], external_deps = ["gtest"],
language = "C++", language = "C++",
deps = [ deps = [
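Review bot: The same three-label `data` list is pasted into `ssl_server_fuzzer`, `tls_security_connector_test` and `grpc_tls_credentials_options_test` (and again into `sequential_connectivity_test` in test/core/surface/BUILD), while the matching paths are hard-coded as `#define`s in each .cc file. A label dropped from one list would only surface at run time, when the `GPR_ASSERT` around `grpc_load_file` aborts the test. Within this BUILD file, hoisting the list into one constant and writing `data = TEST_CREDS_DATA,` in each target would keep the targets in step; the constant name is a suggestion, not an existing symbol.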

@ -17,7 +17,6 @@
*/ */
#include "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h" #include "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h"
#include "test/core/end2end/data/ssl_test_data.h"
#include <gmock/gmock.h> #include <gmock/gmock.h>
#include <grpc/support/alloc.h> #include <grpc/support/alloc.h>
@ -25,28 +24,61 @@
#include <grpc/support/string_util.h> #include <grpc/support/string_util.h>
#include <gtest/gtest.h> #include <gtest/gtest.h>
#include "src/core/lib/iomgr/load_file.h"
#define CA_CERT_PATH "src/core/tsi/test_creds/ca.pem"
#define SERVER_CERT_PATH "src/core/tsi/test_creds/server1.pem"
#define SERVER_KEY_PATH "src/core/tsi/test_creds/server1.key"
namespace testing { namespace testing {
static void SetKeyMaterials(grpc_tls_key_materials_config* config) { static void SetKeyMaterials(grpc_tls_key_materials_config* config) {
const grpc_ssl_pem_key_cert_pair pem_key_pair = { grpc_slice ca_slice, cert_slice, key_slice;
test_server1_key, GPR_ASSERT(GRPC_LOG_IF_ERROR("load_file",
test_server1_cert, grpc_load_file(CA_CERT_PATH, 1, &ca_slice)));
}; GPR_ASSERT(GRPC_LOG_IF_ERROR(
const auto* pem_key_pair_ptr = &pem_key_pair; "load_file", grpc_load_file(SERVER_CERT_PATH, 1, &cert_slice)));
grpc_tls_key_materials_config_set_key_materials(config, test_root_cert, GPR_ASSERT(GRPC_LOG_IF_ERROR("load_file",
&pem_key_pair_ptr, 1); grpc_load_file(SERVER_KEY_PATH, 1, &key_slice)));
const char* ca_cert =
reinterpret_cast<const char*> GRPC_SLICE_START_PTR(ca_slice);
const char* server_cert =
reinterpret_cast<const char*> GRPC_SLICE_START_PTR(cert_slice);
const char* server_key =
reinterpret_cast<const char*> GRPC_SLICE_START_PTR(key_slice);
grpc_ssl_pem_key_cert_pair pem_key_cert_pair = {server_key, server_cert};
const auto* pem_key_cert_pair_ptr = &pem_key_cert_pair;
grpc_tls_key_materials_config_set_key_materials(config, ca_cert,
&pem_key_cert_pair_ptr, 1);
grpc_slice_unref(cert_slice);
grpc_slice_unref(key_slice);
grpc_slice_unref(ca_slice);
} }
TEST(GrpcTlsCredentialsOptionsTest, SetKeyMaterials) { TEST(GrpcTlsCredentialsOptionsTest, SetKeyMaterials) {
grpc_tls_key_materials_config* config = grpc_tls_key_materials_config* config =
grpc_tls_key_materials_config_create(); grpc_tls_key_materials_config_create();
SetKeyMaterials(config); SetKeyMaterials(config);
EXPECT_STREQ(config->pem_root_certs(), test_root_cert); grpc_slice ca_slice, cert_slice, key_slice;
GPR_ASSERT(GRPC_LOG_IF_ERROR("load_file",
grpc_load_file(CA_CERT_PATH, 1, &ca_slice)));
GPR_ASSERT(GRPC_LOG_IF_ERROR(
"load_file", grpc_load_file(SERVER_CERT_PATH, 1, &cert_slice)));
GPR_ASSERT(GRPC_LOG_IF_ERROR("load_file",
grpc_load_file(SERVER_KEY_PATH, 1, &key_slice)));
const char* ca_cert =
reinterpret_cast<const char*> GRPC_SLICE_START_PTR(ca_slice);
const char* server_cert =
reinterpret_cast<const char*> GRPC_SLICE_START_PTR(cert_slice);
const char* server_key =
reinterpret_cast<const char*> GRPC_SLICE_START_PTR(key_slice);
EXPECT_STREQ(config->pem_root_certs(), ca_cert);
EXPECT_EQ(config->pem_key_cert_pair_list().size(), 1); EXPECT_EQ(config->pem_key_cert_pair_list().size(), 1);
EXPECT_STREQ(config->pem_key_cert_pair_list()[0].private_key(), EXPECT_STREQ(config->pem_key_cert_pair_list()[0].private_key(), server_key);
test_server1_key); EXPECT_STREQ(config->pem_key_cert_pair_list()[0].cert_chain(), server_cert);
EXPECT_STREQ(config->pem_key_cert_pair_list()[0].cert_chain(), grpc_slice_unref(cert_slice);
test_server1_cert); grpc_slice_unref(key_slice);
grpc_slice_unref(ca_slice);
delete config; delete config;
} }
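Review bot: The load-three-files-and-cast sequence is written out twice in this file (in `SetKeyMaterials` and again in the `TEST` body), and the same helper body and `*_PATH` macros reappear in tls_security_connector_test.cc, ssl_server_fuzzer.cc and sequential_connectivity_test.cc. Every copy depends on the literal `1` passed to `grpc_load_file` to NUL-terminate the slice before it is handed to `EXPECT_STREQ` or the credentials API as a C string; a copy changed to `0` would read past the end of the buffer. A single shared test helper would keep that invariant in one place, and until then a comment such as `// 1 = add_null_terminator: the slice is used as a C string below` at each call would help. In the `TEST` body, `GPR_ASSERT` aborts the whole binary on a missing file, whereas `ASSERT_TRUE(GRPC_LOG_IF_ERROR("load_file", grpc_load_file(CA_CERT_PATH, 1, &ca_slice)));` would report it as an ordinary test failure.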

@ -23,9 +23,12 @@
#include "src/core/lib/iomgr/load_file.h" #include "src/core/lib/iomgr/load_file.h"
#include "src/core/lib/security/credentials/credentials.h" #include "src/core/lib/security/credentials/credentials.h"
#include "src/core/lib/security/security_connector/security_connector.h" #include "src/core/lib/security/security_connector/security_connector.h"
#include "test/core/end2end/data/ssl_test_data.h"
#include "test/core/util/mock_endpoint.h" #include "test/core/util/mock_endpoint.h"
#define CA_CERT_PATH "src/core/tsi/test_creds/ca.pem"
#define SERVER_CERT_PATH "src/core/tsi/test_creds/server1.pem"
#define SERVER_KEY_PATH "src/core/tsi/test_creds/server1.key"
bool squelch = true; bool squelch = true;
// ssl has an array of global gpr_mu's that are never released. // ssl has an array of global gpr_mu's that are never released.
// Turning this on will fail the leak check. // Turning this on will fail the leak check.
@ -66,18 +69,25 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
mock_endpoint, grpc_slice_from_copied_buffer((const char*)data, size)); mock_endpoint, grpc_slice_from_copied_buffer((const char*)data, size));
// Load key pair and establish server SSL credentials. // Load key pair and establish server SSL credentials.
grpc_ssl_pem_key_cert_pair pem_key_cert_pair;
grpc_slice ca_slice, cert_slice, key_slice; grpc_slice ca_slice, cert_slice, key_slice;
ca_slice = grpc_slice_from_static_string(test_root_cert); GPR_ASSERT(GRPC_LOG_IF_ERROR("load_file",
cert_slice = grpc_slice_from_static_string(test_server1_cert); grpc_load_file(CA_CERT_PATH, 1, &ca_slice)));
key_slice = grpc_slice_from_static_string(test_server1_key); GPR_ASSERT(GRPC_LOG_IF_ERROR(
const char* ca_cert = (const char*)GRPC_SLICE_START_PTR(ca_slice); "load_file", grpc_load_file(SERVER_CERT_PATH, 1, &cert_slice)));
pem_key_cert_pair.private_key = GPR_ASSERT(GRPC_LOG_IF_ERROR(
(const char*)GRPC_SLICE_START_PTR(key_slice); "load_file", grpc_load_file(SERVER_KEY_PATH, 1, &key_slice)));
pem_key_cert_pair.cert_chain = const char* ca_cert =
(const char*)GRPC_SLICE_START_PTR(cert_slice); reinterpret_cast<const char*> GRPC_SLICE_START_PTR(ca_slice);
const char* server_cert =
reinterpret_cast<const char*> GRPC_SLICE_START_PTR(cert_slice);
const char* server_key =
reinterpret_cast<const char*> GRPC_SLICE_START_PTR(key_slice);
grpc_ssl_pem_key_cert_pair pem_key_cert_pair = {server_key, server_cert};
grpc_server_credentials* creds = grpc_ssl_server_credentials_create( grpc_server_credentials* creds = grpc_ssl_server_credentials_create(
ca_cert, &pem_key_cert_pair, 1, 0, nullptr); ca_cert, &pem_key_cert_pair, 1, 0, nullptr);
grpc_slice_unref(cert_slice);
grpc_slice_unref(key_slice);
grpc_slice_unref(ca_slice);
// Create security connector // Create security connector
grpc_core::RefCountedPtr<grpc_server_security_connector> sc = grpc_core::RefCountedPtr<grpc_server_security_connector> sc =
@ -109,9 +119,6 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
sc.reset(DEBUG_LOCATION, "test"); sc.reset(DEBUG_LOCATION, "test");
grpc_server_credentials_release(creds); grpc_server_credentials_release(creds);
grpc_slice_unref(cert_slice);
grpc_slice_unref(key_slice);
grpc_slice_unref(ca_slice);
grpc_core::ExecCtx::Get()->Flush(); grpc_core::ExecCtx::Get()->Flush();
} }
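Review bot: The three `grpc_load_file` calls now sit inside `LLVMFuzzerTestOneInput`, so every fuzz input pays for three disk reads, and if the relative `src/core/tsi/test_creds/...` paths do not resolve from the fuzzer's working directory the `GPR_ASSERT` aborts on every input and is reported as a crash that has nothing to do with the input. Loading the PEM data once per process avoids both; the sketch below caches the pointers in function-local statics and drops the three `grpc_slice_unref` calls added after `grpc_ssl_server_credentials_create`. The slices are then deliberately never released, which needs checking against whatever leak detection the fuzzer build enables. The start of the function and the code between the two hunks are outside this view.

```cpp
// Reads a PEM file once; the slice is intentionally kept for the life of the
// process so the returned pointer stays valid across fuzz iterations.
static const char* LoadPemOnce(const char* path) {
  grpc_slice slice;
  // 1 = add_null_terminator: the contents are used as a C string.
  GPR_ASSERT(GRPC_LOG_IF_ERROR("load_file", grpc_load_file(path, 1, &slice)));
  return reinterpret_cast<const char*> GRPC_SLICE_START_PTR(slice);
}

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  // … unchanged: setup and mock endpoint creation …
  // Load key pair and establish server SSL credentials.
  static const char* ca_cert = LoadPemOnce(CA_CERT_PATH);
  static const char* server_cert = LoadPemOnce(SERVER_CERT_PATH);
  static const char* server_key = LoadPemOnce(SERVER_KEY_PATH);
  grpc_ssl_pem_key_cert_pair pem_key_cert_pair = {server_key, server_cert};
  // … unchanged: grpc_ssl_server_credentials_create and everything after it …
```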

@ -26,22 +26,39 @@
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include "src/core/lib/iomgr/load_file.h"
#include "src/core/tsi/transport_security.h" #include "src/core/tsi/transport_security.h"
#include "test/core/end2end/data/ssl_test_data.h"
#include "test/core/util/test_config.h" #include "test/core/util/test_config.h"
#define CA_CERT_PATH "src/core/tsi/test_creds/ca.pem"
#define SERVER_CERT_PATH "src/core/tsi/test_creds/server1.pem"
#define SERVER_KEY_PATH "src/core/tsi/test_creds/server1.key"
namespace { namespace {
enum CredReloadResult { FAIL, SUCCESS, UNCHANGED, ASYNC }; enum CredReloadResult { FAIL, SUCCESS, UNCHANGED, ASYNC };
void SetKeyMaterials(grpc_tls_key_materials_config* config) { void SetKeyMaterials(grpc_tls_key_materials_config* config) {
const grpc_ssl_pem_key_cert_pair pem_key_pair = { grpc_slice ca_slice, cert_slice, key_slice;
test_server1_key, GPR_ASSERT(GRPC_LOG_IF_ERROR("load_file",
test_server1_cert, grpc_load_file(CA_CERT_PATH, 1, &ca_slice)));
}; GPR_ASSERT(GRPC_LOG_IF_ERROR(
const auto* pem_key_pair_ptr = &pem_key_pair; "load_file", grpc_load_file(SERVER_CERT_PATH, 1, &cert_slice)));
grpc_tls_key_materials_config_set_key_materials(config, test_root_cert, GPR_ASSERT(GRPC_LOG_IF_ERROR("load_file",
&pem_key_pair_ptr, 1); grpc_load_file(SERVER_KEY_PATH, 1, &key_slice)));
const char* ca_cert =
reinterpret_cast<const char*> GRPC_SLICE_START_PTR(ca_slice);
const char* server_cert =
reinterpret_cast<const char*> GRPC_SLICE_START_PTR(cert_slice);
const char* server_key =
reinterpret_cast<const char*> GRPC_SLICE_START_PTR(key_slice);
grpc_ssl_pem_key_cert_pair pem_key_cert_pair = {server_key, server_cert};
const auto* pem_key_cert_pair_ptr = &pem_key_cert_pair;
grpc_tls_key_materials_config_set_key_materials(config, ca_cert,
&pem_key_cert_pair_ptr, 1);
grpc_slice_unref(cert_slice);
grpc_slice_unref(key_slice);
grpc_slice_unref(ca_slice);
} }
int CredReloadSuccess(void* /*config_user_data*/, int CredReloadSuccess(void* /*config_user_data*/,
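Review bot: `SetKeyMaterials` releases all three slices immediately after `grpc_tls_key_materials_config_set_key_materials`, which is only sound if that call copies the PEM strings rather than keeping the pointers, and nothing in the hunk says so. The removed code passed static strings, so this appears to be the first place in the test where the lifetime matters. A one-line comment before the unrefs, for example `// set_key_materials copies the PEM strings, so the slices can be released here.` (once that contract is confirmed), would stop a later reader from suspecting a dangling pointer. The same applies to the identical helper in grpc_tls_credentials_options_test.cc.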

@ -136,6 +136,11 @@ grpc_cc_test(
grpc_cc_test( grpc_cc_test(
name = "sequential_connectivity_test", name = "sequential_connectivity_test",
srcs = ["sequential_connectivity_test.cc"], srcs = ["sequential_connectivity_test.cc"],
data = [
"//src/core/tsi/test_creds:ca.pem",
"//src/core/tsi/test_creds:server1.key",
"//src/core/tsi/test_creds:server1.pem",
],
flaky = True, # TODO(b/151696318) flaky = True, # TODO(b/151696318)
language = "C++", language = "C++",
deps = [ deps = [

@ -25,10 +25,14 @@
#include "src/core/lib/gprpp/host_port.h" #include "src/core/lib/gprpp/host_port.h"
#include "src/core/lib/gprpp/thd.h" #include "src/core/lib/gprpp/thd.h"
#include "src/core/lib/iomgr/exec_ctx.h" #include "src/core/lib/iomgr/exec_ctx.h"
#include "test/core/end2end/data/ssl_test_data.h" #include "src/core/lib/iomgr/load_file.h"
#include "test/core/util/port.h" #include "test/core/util/port.h"
#include "test/core/util/test_config.h" #include "test/core/util/test_config.h"
#define CA_CERT_PATH "src/core/tsi/test_creds/ca.pem"
#define SERVER_CERT_PATH "src/core/tsi/test_creds/server1.pem"
#define SERVER_KEY_PATH "src/core/tsi/test_creds/server1.key"
typedef struct test_fixture { typedef struct test_fixture {
const char* name; const char* name;
void (*add_server_port)(grpc_server* server, const char* addr); void (*add_server_port)(grpc_server* server, const char* addr);
@ -139,17 +143,33 @@ static const test_fixture insecure_test = {
}; };
static void secure_test_add_port(grpc_server* server, const char* addr) { static void secure_test_add_port(grpc_server* server, const char* addr) {
grpc_ssl_pem_key_cert_pair pem_cert_key_pair = {test_server1_key, grpc_slice cert_slice, key_slice;
test_server1_cert}; GPR_ASSERT(GRPC_LOG_IF_ERROR(
"load_file", grpc_load_file(SERVER_CERT_PATH, 1, &cert_slice)));
GPR_ASSERT(GRPC_LOG_IF_ERROR("load_file",
grpc_load_file(SERVER_KEY_PATH, 1, &key_slice)));
const char* server_cert =
reinterpret_cast<const char*> GRPC_SLICE_START_PTR(cert_slice);
const char* server_key =
reinterpret_cast<const char*> GRPC_SLICE_START_PTR(key_slice);
grpc_ssl_pem_key_cert_pair pem_key_cert_pair = {server_key, server_cert};
grpc_server_credentials* ssl_creds = grpc_ssl_server_credentials_create( grpc_server_credentials* ssl_creds = grpc_ssl_server_credentials_create(
nullptr, &pem_cert_key_pair, 1, 0, nullptr); nullptr, &pem_key_cert_pair, 1, 0, nullptr);
grpc_slice_unref(cert_slice);
grpc_slice_unref(key_slice);
grpc_server_add_secure_http2_port(server, addr, ssl_creds); grpc_server_add_secure_http2_port(server, addr, ssl_creds);
grpc_server_credentials_release(ssl_creds); grpc_server_credentials_release(ssl_creds);
} }
static grpc_channel* secure_test_create_channel(const char* addr) { static grpc_channel* secure_test_create_channel(const char* addr) {
grpc_slice ca_slice;
GPR_ASSERT(GRPC_LOG_IF_ERROR("load_file",
grpc_load_file(CA_CERT_PATH, 1, &ca_slice)));
const char* test_root_cert =
reinterpret_cast<const char*> GRPC_SLICE_START_PTR(ca_slice);
grpc_channel_credentials* ssl_creds = grpc_channel_credentials* ssl_creds =
grpc_ssl_credentials_create(test_root_cert, nullptr, nullptr, nullptr); grpc_ssl_credentials_create(test_root_cert, nullptr, nullptr, nullptr);
grpc_slice_unref(ca_slice);
grpc_arg ssl_name_override = { grpc_arg ssl_name_override = {
GRPC_ARG_STRING, GRPC_ARG_STRING,
const_cast<char*>(GRPC_SSL_TARGET_NAME_OVERRIDE_ARG), const_cast<char*>(GRPC_SSL_TARGET_NAME_OVERRIDE_ARG),
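Review bot: In `secure_test_create_channel` the new local is still called `test_root_cert`, the name of the constant the old code took from the `ssl_test_data.h` header this commit stops including, whereas every other file in the change calls the loaded CA `ca_cert`. Renaming it, `const char* ca_cert = reinterpret_cast<const char*> GRPC_SLICE_START_PTR(ca_slice);` and `grpc_ssl_credentials_create(ca_cert, nullptr, nullptr, nullptr);`, would avoid suggesting that the embedded constant is still in use. The function body continues past the end of the hunk.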

@ -14,12 +14,12 @@
load("//bazel:grpc_build_system.bzl", "grpc_cc_test") load("//bazel:grpc_build_system.bzl", "grpc_cc_test")
def grpc_fuzzer(name, corpus, srcs = [], deps = [], size = "large", **kwargs): def grpc_fuzzer(name, corpus, srcs = [], deps = [], data = [], size = "large", **kwargs):
grpc_cc_test( grpc_cc_test(
name = name, name = name,
srcs = srcs, srcs = srcs,
deps = deps + ["//test/core/util:fuzzer_corpus_test"], deps = deps + ["//test/core/util:fuzzer_corpus_test"],
data = native.glob([corpus + "/**"]), data = data + native.glob([corpus + "/**"]),
external_deps = [ external_deps = [
"gtest", "gtest",
], ],
