|
|
|
|
@ -30,6 +30,58 @@ |
|
|
|
|
#include "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h" |
|
|
|
|
#include "src/cpp/client/secure_credentials.h" |
|
|
|
|
|
|
|
|
|
namespace { |
|
|
|
|
|
|
|
|
|
typedef class ::grpc_impl::experimental::TlsKeyMaterialsConfig |
|
|
|
|
TlsKeyMaterialsConfig; |
|
|
|
|
typedef class ::grpc_impl::experimental::TlsCredentialReloadArg |
|
|
|
|
TlsCredentialReloadArg; |
|
|
|
|
typedef class ::grpc_impl::experimental::TlsCredentialReloadConfig |
|
|
|
|
TlsCredentialReloadConfig; |
|
|
|
|
|
|
|
|
|
static void tls_credential_reload_callback( |
|
|
|
|
grpc_tls_credential_reload_arg* arg) { |
|
|
|
|
GPR_ASSERT(arg != nullptr); |
|
|
|
|
arg->status = GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
static int tls_credential_reload_sync(void* config_user_data, |
|
|
|
|
TlsCredentialReloadArg* arg) { |
|
|
|
|
GPR_ASSERT(arg != nullptr); |
|
|
|
|
struct TlsKeyMaterialsConfig::PemKeyCertPair pair3 = {"private_key3", |
|
|
|
|
"cert_chain3"}; |
|
|
|
|
::std::shared_ptr<TlsKeyMaterialsConfig> key_materials_config = |
|
|
|
|
arg->key_materials_config(); |
|
|
|
|
::std::vector<TlsKeyMaterialsConfig::PemKeyCertPair> pair_list = |
|
|
|
|
key_materials_config->pem_key_cert_pair_list(); |
|
|
|
|
pair_list.push_back(pair3); |
|
|
|
|
key_materials_config->set_key_materials("new_pem_root_certs", pair_list); |
|
|
|
|
arg->set_key_materials_config(key_materials_config); |
|
|
|
|
arg->set_status(GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_NEW); |
|
|
|
|
return 0; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
static void tls_credential_reload_cancel(void* config_user_data, |
|
|
|
|
TlsCredentialReloadArg* arg) { |
|
|
|
|
GPR_ASSERT(arg != nullptr); |
|
|
|
|
arg->set_status(GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_FAIL); |
|
|
|
|
arg->set_error_details("cancelled"); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
static void tls_server_authorization_check_callback( |
|
|
|
|
grpc_tls_server_authorization_check_arg* arg) { |
|
|
|
|
GPR_ASSERT(arg != nullptr); |
|
|
|
|
char* cb_user_data = "cb_user_data"; |
|
|
|
|
arg->set_cb_user_data(static_cast<void*>(gpr_strdup(cb_user_data))); |
|
|
|
|
arg->set_success(1); |
|
|
|
|
arg->set_target_name("callback_target_name"); |
|
|
|
|
arg->set_peer_cert("callback_peer_cert"); |
|
|
|
|
arg->set_status(GRPC_STATUS_OK); |
|
|
|
|
arg->set_error_details("callback_error_details"); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
} // namespace
|
|
|
|
|
|
|
|
|
|
namespace grpc { |
|
|
|
|
namespace testing { |
|
|
|
|
|
|
|
|
|
@ -198,7 +250,6 @@ TEST_F(CredentialsTest, StsCredentialsOptionsFromEnv) { |
|
|
|
|
gpr_unsetenv("STS_CREDENTIALS"); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
typedef class ::grpc_impl::experimental::TlsKeyMaterialsConfig |
|
|
|
|
TlsKeyMaterialsConfig; |
|
|
|
|
|
|
|
|
|
@ -217,13 +268,18 @@ TEST_F(CredentialsTest, TlsKeyMaterialsConfigCppToC) { |
|
|
|
|
c_config->pem_key_cert_pair_list()[0].cert_chain()); |
|
|
|
|
gpr_free(c_config); |
|
|
|
|
} |
|
|
|
|
**/ |
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
TEST_F(CredentialsTest, TlsKeyMaterialsCtoCpp) { |
|
|
|
|
grpc_tls_key_materials_config c_config; |
|
|
|
|
grpc::string test_private_key = "private_key"; |
|
|
|
|
grpc::string test_cert_chain = "cert_chain"; |
|
|
|
|
grpc_ssl_pem_key_cert_pair* ssl_pair = |
|
|
|
|
(grpc_ssl_pem_key_cert_pair*)gpr_malloc( |
|
|
|
|
sizeof(grpc_ssl_pem_key_cert_pair)); |
|
|
|
|
ssl_pair->private_key = gpr_strdup(test_private_key.c_str()); |
|
|
|
|
ssl_pair->cert_chain = gpr_strdup(test_cert_chain.c_str()); |
|
|
|
|
::grpc_core::PemKeyCertPair pem_key_cert_pair = |
|
|
|
|
::grpc_core::PemKeyCertPair("private_key", "cert_chain"); |
|
|
|
|
::grpc_core::PemKeyCertPair(ssl_pair); |
|
|
|
|
::grpc_core::InlinedVector<::grpc_core::PemKeyCertPair, 1> |
|
|
|
|
pem_key_cert_pair_list; |
|
|
|
|
pem_key_cert_pair_list.push_back(pem_key_cert_pair); |
|
|
|
|
@ -239,20 +295,26 @@ TEST_F(CredentialsTest, TlsKeyMaterialsCtoCpp) { |
|
|
|
|
EXPECT_STREQ("private_key", cpp_pair_list[0].private_key.c_str()); |
|
|
|
|
EXPECT_STREQ("cert_chain", cpp_pair_list[0].cert_chain.c_str()); |
|
|
|
|
} |
|
|
|
|
**/ |
|
|
|
|
|
|
|
|
|
//typedef class ::grpc_impl::experimental::TlsCredentialReloadArg
|
|
|
|
|
// TlsCredentialReloadArg;
|
|
|
|
|
//typedef class ::grpc_impl::experimental::TlsCredentialReloadConfig
|
|
|
|
|
// TlsCredentialReloadConfig;
|
|
|
|
|
//typedef void (*grpcpp_tls_on_credential_reload_done_cb)(
|
|
|
|
|
// TlsCredentialReloadArg* arg);
|
|
|
|
|
typedef class ::grpc_impl::experimental::TlsCredentialReloadArg TlsCredentialReloadArg; |
|
|
|
|
typedef class ::grpc_impl::experimental::TlsCredentialReloadConfig TlsCredentialReloadConfig; |
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
TEST_F(CredentialsTest, TlsCredentialReloadArgCppToC) { |
|
|
|
|
TEST_F(CredentialsTest, TlsCredentialReloadArgCallback) { |
|
|
|
|
grpc_tls_credential_reload_arg c_arg; |
|
|
|
|
c_arg.cb = tls_credential_reload_callback; |
|
|
|
|
TlsCredentialReloadArg arg = TlsCredentialReloadArg(c_arg); |
|
|
|
|
arg.set_status(GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_NEW); |
|
|
|
|
arg.callback(); |
|
|
|
|
EXPECT_EQ(arg.status(), GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
TEST_F(CredentialsTest, TlsCredentialReloadConfigSchedule) { |
|
|
|
|
TlsCredentialReloadConfig config(nullptr, &tls_credential_reload_sync, |
|
|
|
|
nullptr, nullptr); |
|
|
|
|
TlsCredentialReloadArg arg; |
|
|
|
|
arg.set_cb_user_data(nullptr); |
|
|
|
|
::std::shared_ptr<TlsKeyMaterialsConfig> key_materials_config; |
|
|
|
|
arg.set_cb_user_data(static_cast<void*>(nullptr)); |
|
|
|
|
::std::shared_ptr<TlsKeyMaterialsConfig> key_materials_config( |
|
|
|
|
new TlsKeyMaterialsConfig()); |
|
|
|
|
struct TlsKeyMaterialsConfig::PemKeyCertPair pair1 = {"private_key1", |
|
|
|
|
"cert_chain1"}; |
|
|
|
|
struct TlsKeyMaterialsConfig::PemKeyCertPair pair2 = {"private_key2", |
|
|
|
|
@ -263,37 +325,71 @@ TEST_F(CredentialsTest, TlsCredentialReloadArgCppToC) { |
|
|
|
|
arg.set_key_materials_config(key_materials_config); |
|
|
|
|
arg.set_status(GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_NEW); |
|
|
|
|
arg.set_error_details("error_details"); |
|
|
|
|
grpc_tls_credential_reload_arg* c_arg = arg.c_credential_reload_arg(); |
|
|
|
|
EXPECT_EQ(c_arg->cb, |
|
|
|
|
static_cast<grpc_tls_on_credential_reload_done_cb>(nullptr)); |
|
|
|
|
EXPECT_EQ(c_arg->cb_user_data, nullptr); |
|
|
|
|
EXPECT_EQ(c_arg->key_materials_config->pem_root_certs(), "pem_root_certs"); |
|
|
|
|
EXPECT_EQ( |
|
|
|
|
c_arg->key_materials_config->pem_key_cert_pair_list()[0].private_key(), |
|
|
|
|
"private_key1"); |
|
|
|
|
EXPECT_EQ( |
|
|
|
|
c_arg->key_materials_config->pem_key_cert_pair_list()[1].private_key(), |
|
|
|
|
"private_key2"); |
|
|
|
|
EXPECT_EQ( |
|
|
|
|
c_arg->key_materials_config->pem_key_cert_pair_list()[0].cert_chain(), |
|
|
|
|
"cert_chain1"); |
|
|
|
|
EXPECT_EQ( |
|
|
|
|
c_arg->key_materials_config->pem_key_cert_pair_list()[1].cert_chain(), |
|
|
|
|
"cert_chain2"); |
|
|
|
|
EXPECT_EQ(c_arg->status, GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_NEW); |
|
|
|
|
EXPECT_STREQ(c_arg->error_details, "error_details"); |
|
|
|
|
int schedule_output = config.Schedule(&arg); |
|
|
|
|
EXPECT_EQ(schedule_output, 0); |
|
|
|
|
EXPECT_EQ(arg.cb_user_data(), nullptr); |
|
|
|
|
EXPECT_STREQ(arg.key_materials_config()->pem_root_certs().c_str(), |
|
|
|
|
"new_pem_root_certs"); |
|
|
|
|
pair_list = arg.key_materials_config()->pem_key_cert_pair_list(); |
|
|
|
|
EXPECT_EQ(static_cast<int>(pair_list.size()), 3); |
|
|
|
|
EXPECT_STREQ(pair_list[0].private_key.c_str(), "private_key1"); |
|
|
|
|
EXPECT_STREQ(pair_list[0].cert_chain.c_str(), "cert_chain1"); |
|
|
|
|
EXPECT_STREQ(pair_list[1].private_key.c_str(), "private_key2"); |
|
|
|
|
EXPECT_STREQ(pair_list[1].cert_chain.c_str(), "cert_chain2"); |
|
|
|
|
EXPECT_STREQ(pair_list[2].private_key.c_str(), "private_key3"); |
|
|
|
|
EXPECT_STREQ(pair_list[2].cert_chain.c_str(), "cert_chain3"); |
|
|
|
|
EXPECT_EQ(arg.status(), GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_NEW); |
|
|
|
|
EXPECT_STREQ(arg.error_details()->c_str(), "error_details"); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
**/ |
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
TEST_F(CredentialsTest, TlsCredentialReloadConfigCppToC) { |
|
|
|
|
TlsCredentialReloadConfig config = |
|
|
|
|
TlsCredentialReloadConfig(nullptr, nullptr, nullptr, nullptr); |
|
|
|
|
TlsCredentialReloadConfig(nullptr, &tls_credential_reload_sync, |
|
|
|
|
&tls_credential_reload_cancel, nullptr); |
|
|
|
|
grpc_tls_credential_reload_arg c_arg; |
|
|
|
|
c_arg.cb_user_data = static_cast<void*>(nullptr); |
|
|
|
|
grpc_tls_key_materials_config c_key_materials; |
|
|
|
|
grpc::string test_private_key = "private_key"; |
|
|
|
|
grpc::string test_cert_chain = "cert_chain"; |
|
|
|
|
grpc_ssl_pem_key_cert_pair* ssl_pair = |
|
|
|
|
(grpc_ssl_pem_key_cert_pair*)gpr_malloc( |
|
|
|
|
sizeof(grpc_ssl_pem_key_cert_pair)); |
|
|
|
|
ssl_pair->private_key = gpr_strdup(test_private_key.c_str()); |
|
|
|
|
ssl_pair->cert_chain = gpr_strdup(test_cert_chain.c_str()); |
|
|
|
|
::grpc_core::PemKeyCertPair pem_key_cert_pair = |
|
|
|
|
::grpc_core::PemKeyCertPair(ssl_pair); |
|
|
|
|
::grpc_core::InlinedVector<::grpc_core::PemKeyCertPair, 1> |
|
|
|
|
pem_key_cert_pair_list; |
|
|
|
|
pem_key_cert_pair_list.push_back(pem_key_cert_pair); |
|
|
|
|
grpc::string test_pem_root_certs = "pem_root_certs"; |
|
|
|
|
c_key_materials.set_key_materials( |
|
|
|
|
::grpc_core::UniquePtr<char>(gpr_strdup(test_pem_root_certs.c_str())), |
|
|
|
|
pem_key_cert_pair_list); |
|
|
|
|
c_arg.key_materials_config = &c_key_materials; |
|
|
|
|
c_arg.status = GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED; |
|
|
|
|
grpc::string test_error_details = "error_details"; |
|
|
|
|
c_arg.error_details = test_error_details.c_str(); |
|
|
|
|
|
|
|
|
|
grpc_tls_credential_reload_config* c_config = config.c_credential_reload(); |
|
|
|
|
EXPECT_EQ(c_config, nullptr); |
|
|
|
|
// EXPECT_NE(c_config, nullptr);
|
|
|
|
|
// TODO: add tests to compare schedule, cancel, destruct fields.
|
|
|
|
|
c_arg.config = c_config; |
|
|
|
|
int c_schedule_output = c_config->Schedule(&c_arg); |
|
|
|
|
EXPECT_EQ(c_schedule_output, 0); |
|
|
|
|
EXPECT_EQ(c_arg.cb_user_data, nullptr); |
|
|
|
|
EXPECT_STREQ(c_arg.key_materials_config->pem_root_certs(), |
|
|
|
|
"new_pem_root_certs"); |
|
|
|
|
::grpc_core::InlinedVector<::grpc_core::PemKeyCertPair, 1> pair_list = |
|
|
|
|
c_arg.key_materials_config->pem_key_cert_pair_list(); |
|
|
|
|
EXPECT_EQ(static_cast<int>(pair_list.size()), 2); |
|
|
|
|
EXPECT_STREQ(pair_list[0].private_key(), "private_key"); |
|
|
|
|
EXPECT_STREQ(pair_list[0].cert_chain(), "cert_chain"); |
|
|
|
|
EXPECT_STREQ(pair_list[1].private_key(), "private_key3"); |
|
|
|
|
EXPECT_STREQ(pair_list[1].cert_chain(), "cert_chain3"); |
|
|
|
|
EXPECT_EQ(c_arg.status, GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_NEW); |
|
|
|
|
EXPECT_STREQ(c_arg.error_details, test_error_details.c_str()); |
|
|
|
|
|
|
|
|
|
c_config->(&c_arg); |
|
|
|
|
EXPECT_EQ(c_arg.status, GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_FAIL); |
|
|
|
|
EXPECT_STREQ(c_arg.error_details, "cancelled"); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
typedef class ::grpc_impl::experimental::TlsServerAuthorizationCheckArg |
|
|
|
|
@ -301,40 +397,23 @@ typedef class ::grpc_impl::experimental::TlsServerAuthorizationCheckArg |
|
|
|
|
typedef class ::grpc_impl::experimental::TlsServerAuthorizationCheckConfig |
|
|
|
|
TlsServerAuthorizationCheckConfig; |
|
|
|
|
|
|
|
|
|
TEST_F(CredentialsTest, TlsServerAuthorizationCheckArgCppToC) { |
|
|
|
|
TlsServerAuthorizationCheckArg arg; |
|
|
|
|
// Only sync server authorization check supported currently,
|
|
|
|
|
// so we use a nullptr call back function.
|
|
|
|
|
arg.set_cb(nullptr); |
|
|
|
|
arg.set_cb_user_data(nullptr); |
|
|
|
|
arg.set_success(1); |
|
|
|
|
arg.set_peer_cert("peer_cert"); |
|
|
|
|
arg.set_status(GRPC_STATUS_OK); |
|
|
|
|
arg.set_target_name("target_name"); |
|
|
|
|
arg.set_error_details("error_details"); |
|
|
|
|
grpc_tls_server_authorization_check_arg* c_arg = |
|
|
|
|
arg.c_server_authorization_check_arg(); |
|
|
|
|
// EXPECT_NE(c_arg, nullptr);
|
|
|
|
|
EXPECT_EQ(c_arg->cb, nullptr); |
|
|
|
|
EXPECT_EQ(c_arg->cb_user_data, nullptr); |
|
|
|
|
RecordProperty("TlsServerAuthorizationCheckArgCppToC::c_arg->success", |
|
|
|
|
c_arg->success); EXPECT_EQ(c_arg->success, 1); |
|
|
|
|
RecordProperty("TlsServerAuthorizationCheckArgCppToC::c_arg->peer_cert", |
|
|
|
|
c_arg->peer_cert); EXPECT_STREQ(c_arg->peer_cert, "peer_cert"); |
|
|
|
|
RecordProperty("TlsServerAuthorizationCheckArgCppToC::c_arg->target_name", |
|
|
|
|
c_arg->target_name); EXPECT_STREQ(c_arg->target_name, "target_name"); |
|
|
|
|
EXPECT_EQ(c_arg->status, GRPC_STATUS_OK); |
|
|
|
|
RecordProperty("TlsServerAuthorizationCheckArgCppToC::c_arg->error_details", |
|
|
|
|
c_arg->error_details); EXPECT_STREQ(c_arg->error_details, "error_details"); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
TEST_F(CredentialsTest, TlsServerAuthorizationCheckCppToC) { |
|
|
|
|
TlsServerAuthorizationCheckConfig config = |
|
|
|
|
TlsServerAuthorizationCheckConfig(nullptr, nullptr, nullptr, nullptr); |
|
|
|
|
grpc_tls_server_authorization_check_config* c_config = |
|
|
|
|
config.c_server_authorization_check(); |
|
|
|
|
EXPECT_EQ(c_config, nullptr); // Because c_server_authn_check not implemented
|
|
|
|
|
// TODO: add tests to compare schedule, cancel, destruct fields.
|
|
|
|
|
TEST_F(CredentialsTest, TlsServerAuthorizationCheckArgCallback) { |
|
|
|
|
grpc_tls_server_authorization_check_arg c_arg; |
|
|
|
|
c_arg.cb = tls_server_authorization_check_callback; |
|
|
|
|
c_arg.cb_user_data = nullptr; |
|
|
|
|
c_arg.success = 0; |
|
|
|
|
c_arg.target_name = "target_name"; |
|
|
|
|
c_arg.peer_cert = "peer_cert"; |
|
|
|
|
c_arg.status = GRPC_STATUS_UNAUTHENTICATED; |
|
|
|
|
c_arg.error_details = "error_details"; |
|
|
|
|
TlsServerAuthorizationCheckArg arg(c_arg); |
|
|
|
|
arg.callback(); |
|
|
|
|
EXPECT_STREQ(static_cast<char*>(arg.cb_user_data()), "cb_user_data"); |
|
|
|
|
EXPECT_EQ(arg.success(), 1); |
|
|
|
|
EXPECT_STREQ(arg.target_name()->c_str(), "callback_target_name"); |
|
|
|
|
EXPECT_STREQ(arg.peer_cert()->c_str(), "callback_peer_cert"); |
|
|
|
|
EXPECT_EQ(arg.status(), GRPC_STATUS_OK); |
|
|
|
|
EXPECT_STREQ(arg.error_details()->c_str(), "callback_error_details"); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
typedef class ::grpc_impl::experimental::TlsCredentialsOptions |
|
|
|
|
@ -359,7 +438,6 @@ TEST_F(CredentialsTest, TlsCredentialsOptionsCppToC) { |
|
|
|
|
key_materials_config->c_key_materials()); |
|
|
|
|
gpr_free(c_options); |
|
|
|
|
} |
|
|
|
|
**/ |
|
|
|
|
|
|
|
|
|
} // namespace testing
|
|
|
|
|
} // namespace grpc
|
|
|
|
|
|
Matthew Stevenson
6 years ago