revision 1

6 years ago · 8a301a438a
parent 61827dd66f
commit 8a301a438a
5 changed files with 69 additions and 54 deletions
--- a/src/core/tsi/ssl_transport_security.cc
+++ b/src/core/tsi/ssl_transport_security.cc
@ -711,8 +711,8 @@ static tsi_result populate_ssl_context(
 }

 /* Extracts the CN and the SANs from an X509 cert as a peer object. */
-tsi_result extract_x509_subject_names_from_pem_cert(const char* pem_cert,
-                                                    tsi_peer* peer) {
+tsi_result tsi_ssl_extract_x509_subject_names_from_pem_cert(
+    const char* pem_cert, tsi_peer* peer) {
  tsi_result result = TSI_OK;
  X509* cert = nullptr;
  BIO* pem;
@ -1890,7 +1890,7 @@ tsi_result tsi_create_ssl_server_handshaker_factory_with_options(
      }
      /* TODO(jboeuf): Add revocation verification. */

-      result = extract_x509_subject_names_from_pem_cert(
+      result = tsi_ssl_extract_x509_subject_names_from_pem_cert(
          options->pem_key_cert_pairs[i].cert_chain,
          &impl->ssl_context_x509_subject_names[i]);
      if (result != TSI_OK) break;
--- a/src/core/tsi/ssl_transport_security.h
+++ b/src/core/tsi/ssl_transport_security.h
@ -333,7 +333,7 @@ const tsi_ssl_handshaker_factory_vtable* tsi_ssl_handshaker_factory_swap_vtable(
    tsi_ssl_handshaker_factory_vtable* new_vtable);

 /* Exposed for testing only. */
-tsi_result extract_x509_subject_names_from_pem_cert(const char* pem_cert,
-                                                    tsi_peer* peer);
+tsi_result tsi_ssl_extract_x509_subject_names_from_pem_cert(
+    const char* pem_cert, tsi_peer* peer);

 #endif /* GRPC_CORE_TSI_SSL_TRANSPORT_SECURITY_H */
--- a/src/core/tsi/test_creds/multi-domain.key
+++ b/src/core/tsi/test_creds/multi-domain.key
@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEA1e+GwyVNsoKu7PqvOf/EubN45rB5o5PQF9A5fBPpiBtKZdvb
-bOouGlulRwaMQOLDZi9M6l/AhE1b207+iSBTn9jSQT0elaYwVtKgb/qoehQjFAG8
-BckPmA9E4SDx2Ug9AtV3rTVs4V2yaDHNSfDSXQ2PS9fuIx7FK5mMnUM2fjskcZqu
-HV5f8McXEtvpuTktnb+KDgETO0Cdu3+rf/RtraTuKZb0kmAgf+KaNWDL2j5QsFKa
-6sT4812Vfwaevm9qKOtzgAFobCwdVt+Ap/B0XWj4CmzJMPN/SXESluoBHszmTi6Q
-mkTEzYbzmD/ObyTxXVKu46kRVmJKXh6BE1wk2QIDAQABAoIBAQDPpS8OFhT14LXc
-Oez9xGyzOaltb3iA9qURl/9TmRggDS0G9IBjlGCvIKio6YgUKoUxl1N2YP3A7Dzt
-/hw8CG5iRda9j48x/R4KB2HFjmscIpNxhcVzcBV8p8VZJdrX5K+jIoKIUcSecY0K
-aNwymlX0D4c4PBtdZy5FBUJgGa64kPQqd+1Ha4cKgD9+oZzSo5Me04cGV7gWqBGt
-qY9KL9j8RGA5m+CHu4Qi2ZXnFlkeH/teXuH5AhFzxeYZG4ZwtXCTjNXxQelVNbYw
-mIOnADvd+RhJoeLZnGdM/gyFfLpJW6rtqva9l4h2qxKxnO3CcYHwac475wE49ukv
-qx027fopAoGBAPTXRsXRHnK+ZZbj1mafFXeM4G+f8QMLxaSP/za6uYKd1BihXurr
-NUhYCQ+d6E+HXnCsYQcfR4AMTSqZRA2XImW4ZW8HRog+OBOn9LDaRcvqlqenKs/Z
-IoOUqaqVTqNF2ukkH4usnBugPvdxiqtIGXCBFlS0st+PwIoBtRYD0u6bAoGBAN+v
-qElfO/LOjzYWsV6bUSxWRp1XFnfxujitkcYbai+AnBITvZ6BcPfcATQ9IIp42HKk
-vQ5PVViN2eCzB0R4I09fSOk/1PPGQM/jzgDQ5Q7zy644ee/lPbryKeFbCOxQtQ50
-0ZRHmQmUW/L9FmNxW1Dx0wcicMC2Bq+VnXvkHVebAoGBAMChpxL4Boasee0PcJ3o
-x9D5S5NHOS32Uxe4G0mJ+25ikn6WZ8FYMOGsMeTRjfcUQB9R4DzkRTLfes7rKvmu
-UOfK/jMufDWxDhmY6RFDiep3tPROt4Y0Bc2UZzDIq8gVq7gGLbOMqH2rxB6WfE1q
-Ommjhlg6mwj9ZrStxzV86LXFAoGAISX22miyiZjywCE8x7hcnyVp8YcmXUAFSMDw
-CVumsMNuXX9vaj3kb9a6lvM4D005RkQDgEtham4bC6F8QjlLgkeslmRPOpD2qdgo
-fxZ123Fljbvw1gwyybF5Y1wKRnrvWeUV6dNyamkB91BqMPJrheNQUo5YBzbyZrLV
-U7bKYmECgYEAj7ekhtCiIUMih8noMfpHR0lJG4VhdfqiVL+w25CgnpZJDa6o7pYD
-F5fMivdfdKaSAOA5mUGN5u6NrTpfFKhHDucpIOM2+WGOzbbWEc/gEDQ/xEyPEhxj
-t4ErMTByrDGKtGuaolNYzAU0SSbCnAAH3L2MRChC9Qv7f5ZVOZX1GPQ=
+MIIEpAIBAAKCAQEAtCJ7xmvXxypNx7d6vV9YWZ3SHtm7+OrnDP9LBokGvpkIUloJ
+q6IJxVQPTepJWM7JfXGtWgkdfmUCZjswlQmvbCJSYA8+Y76Sm9M6sf26RsMayxXU
+ozWdw227frCpQt2ybor7qOLBBbQ30XbsdxPIwlrJst9Shleey93g56EDkhZWQQMN
+8cciakv9zUz6GwRu3XtK4KGtWb3VpsOhf8WAoVQ05o4Cevz3LrY7NcZj2IvIna5V
+E5QxQnRXpd5gNzyE1rbzN3pXmHk2SShGI7sEqgo9HOfu7EufwsfmaCXbuCNGhlS
+4YfJvuqZ7ElijUbMnYu3eGKWfjymfp/7qHu87wIDAQABAoIBAQCtgU2BaJy1XN0A
+Uo1p3G2IHEioqIazEuesEDaeu9uAOHzYfZs082W/6OC45sLxRHS1XIph38fF19tA
+xyBbXbHXURPRLL2ma4hhiUrO6JrEz+Z92LAw6FLmS0q+k8DlBA97BGm0WX0cVmMx
+YgAQDkFgWvxOS2b8uWbd7QBVezSqPzN8iV2GNmnEA7FIphqqJbkgEBOxbwJig5Ll
+WJ51Q8nWWVZS1AY2kJjf2ndFJgrB3Zbuib0nnmjsG4esB5AS9Fyjadmc+ilU7ceX
+y+AdccV2cO0f9k8SBPWHUrRuiuMTcwoQ/r2HN9THaho1QBWPRPjzvXetKLTzRdK0
+yzEI9x5AoGBAO+CYFKWwt8ylrqQzuGPVYu32RUaVgUtZVsWoF5vzK35WYFCfA+S
+qIO+wPs06py79Ytgk/ff5QCz7DRepdlrmyq5ZqZ0xD858H8qzNByySZI0DSJU1wr
+7Uw/5vf/+6/1/dmgPrT7HjZyGuvqq1XieBcjonQ5RYooEcjCcCnz9+z9AoGBAMCJ
+kApBhTOVBquiXiqEsrbrT7s8u2KbqN9L7E2o5MnfG7sIhrFbY0Bjvdsut1omfBxd
+XpTWnyR+OLd6xSpBB5fEBKD21dotwgNmJm+wTAER8ZpohlTLv8gQRHclkFg5chyY
+2LJKfssiaXvocKMq3CwM7XAnbI8OTDnwxSqAfCtbAoGBAI7RGGzG90auXNC83pAD
+r0gUBb8eqCKIMkMBl/kYA13OLP/1zBJhKlj82wgwQqHZNo64tSL+gAhOQU/tDEo8
+bxcn3LzvLcJh4zWBKQY3HBjXHEfnhyyUCPkJtck1/DetoIQvmJTElPx0R/dbRHV/
+CIsLtahGKmA6inhC8S0jDDhlAoGAX5svglg8q3uB33J17gkMsVYxtlkW94UyGweZ
+ZIrMaQ23uG0obSNjKpMcsJ0HAOYBVRhsId5dEgL3aOy2wR+fhJYack9/q6JzJ7ru
+tSFG7HUbkr/6jFrMdazWQo/NmHGWH2sql4X0ZixFUvj+DZf30ovsz3dUKclAwriz
+P0Kj5ecCgYBbn1REy6+5x6lLO2SIymharMTPSG23GBiwPTSpyMD5WbzqKEQVSSJX
+eIaaTPz68HOmgvBZUE7Svbz/OqhDEgZxZG9o7Pr4tsdAUzAt/LNkYA8BOjTnrx7W
+ANPvr6b2UHBn26SitdwC5emdsGZIPBGS0XDzznvNwxl2+t14iteEbg==
 -----END RSA PRIVATE KEY-----
--- a/src/core/tsi/test_creds/multi-domain.pem
+++ b/src/core/tsi/test_creds/multi-domain.pem
@ -1,23 +1,23 @@
 -----BEGIN CERTIFICATE-----
-MIIDwDCCAqigAwIBAgIUYSe4/8nE/RVUX7e7QeyCmqPWd6AwDQYJKoZIhvcNAQEL
-BQAwODELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQswCQYDVQQHDAJTRjEPMA0G
-A1UECwwGR29vZ2xlMB4XDTE5MDgwNTE4MDYwNVoXDTIwMDgwNDE4MDYwNVowODEL
-MAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQswCQYDVQQHDAJTRjEPMA0GA1UECwwG
-R29vZ2xlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1e+GwyVNsoKu
-7PqvOf/EubN45rB5o5PQF9A5fBPpiBtKZdvbbOouGlulRwaMQOLDZi9M6l/AhE1b
-207+iSBTn9jSQT0elaYwVtKgb/qoehQjFAG8BckPmA9E4SDx2Ug9AtV3rTVs4V2y
-aDHNSfDSXQ2PS9fuIx7FK5mMnUM2fjskcZquHV5f8McXEtvpuTktnb+KDgETO0Cd
-u3+rf/RtraTuKZb0kmAgf+KaNWDL2j5QsFKa6sT4812Vfwaevm9qKOtzgAFobCwd
-Vt+Ap/B0XWj4CmzJMPN/SXESluoBHszmTi6QmkTEzYbzmD/ObyTxXVKu46kRVmJK
-Xh6BE1wk2QIDAQABo4HBMIG+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMIGjBgNV
-HREEgZswgZiCE2Zvby50ZXN0LmRvbWFpbi5jb22CE2Jhci50ZXN0LmRvbWFpbi5j
-b22GIGh0dHBzOi8vZm9vLnRlc3QuZG9tYWluLmNvbS90ZXN0hiBodHRwczovL2Jh
-ci50ZXN0LmRvbWFpbi5jb20vdGVzdIETZm9vQHRlc3QuZG9tYWluLmNvbYETYmFy
-QHRlc3QuZG9tYWluLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAzBhVGeqIntQs9qpK
-xGOjpFTBMzCjYORNAq09Otkc/IBwtPOq0K2as7fp6Vr5DRStN7hDSBrMjZh+XujY
-3GNEv4pIR5fWwrZg/fnNyG5BIUhdq/qtC3JAMqBjno3OJjg1t4KzS4l+ozHeevJA
-qT9t6aodsn1r7w89MfAVGPIw7D3n9n5N4z2b/co17W8B0RyMWX2PmQWkEqn7kId/
-Jj+hmw2n9UV1IU3xhcepxG+wzjFLIB9nsDwgtZogK6f5p9FFBG8raqk6QhVSlRgh
-JmNqmK5+hyUy1zbjGqgfM5eVmQ/A3qWVQTrk3HeTr2hO9GoBHeXQfinjlIhnbbtJ
-xouhvA==
+MIID5DCCAsygAwIBAgIUMmNBVcGnMw2sMASWhdn5IvFktoYwDQYJKoZIhvcNAQEL
+BQAwSjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQswCQYDVQQHDAJTRjEPMA0G
+A1UECwwGR29vZ2xlMRAwDgYDVQQDDAd4cGlnb3JzMB4XDTE5MDgwNzIxMDY0NVoX
+DTIwMDgwNjIxMDY0NVowSjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQswCQYD
+VQQHDAJTRjEPMA0GA1UECwwGR29vZ2xlMRAwDgYDVQQDDAd4cGlnb3JzMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtCJ7xmvXxypNx7d6vV9YWZ3SHtm7
+OrnDP9LBokGvpkIUloJq6IJxVQPTepJWM7JfXGtWgkdfmUCZjswlQmvbCJSYA8+
+Y76Sm9M6sf26RsMayxXUozWdw227frCpQt2ybor7qOLBBbQ30XbsdxPIwlrJst9S
+hleey93g56EDkhZWQQMN8cciakv9zUz6GwRu3XtK4KGtWb3VpsOhf8WAoVQ05o4C
+evz3LrY7NcZj2IvIna5V+E5QxQnRXpd5gNzyE1rbzN3pXmHk2SShGI7sEqgo9HOf
+u7EufwsfmaCXbuCNGhlS4YfJvuqZ7ElijUbMnYu3eGKWfjymfp/7qHu87wIDAQAB
+o4HBMIG+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMIGjBgNVHREEgZswgZiCE2Zv
+by50ZXN0LmRvbWFpbi5jb22CE2Jhci50ZXN0LmRvbWFpbi5jb22BE2Zvb0B0ZXN0
+LmRvbWFpbi5jb22BE2JhckB0ZXN0LmRvbWFpbi5jb22GIGh0dHBzOi8vZm9vLnRl
+c3QuZG9tYWluLmNvbS90ZXN0hiBodHRwczovL2Jhci50ZXN0LmRvbWFpbi5jb20v
+dGVzdDANBgkqhkiG9w0BAQsFAAOCAQEAIu99zFdybv5OoLNYeyhZsiGjHJQ/ECYr
+dp4XeRftwO5lvLUbxDz4nfs7dedDYqk+amfgJsVg9zDykeAslvjmuWHJ1IgACAqm
+SlR43gwWt1YMXH7NJ8unAxF3OwGDMdIA5WJfYo2XFz4o55wWCiUbxCpWJYu8hwz6
+6IRmn6hWWsxlflWmgaV5hYKL8bLF13Ku9gZbNFFJw6knyqw+x4b1LwsnKeZGvS7E
+EvGVyhMylPVFc0ZZy0TZvk3UOR9TbIMXiztQIWrw30izwPNElvUTzSkAbAg+h6+8
+G7xSZYDr6l81M0a3S2VU75yjMCHKP5/wE9hsfTr/NpWN7w5w5PmqdA==
 -----END CERTIFICATE-----
--- a/test/core/tsi/ssl_transport_security_test.cc
+++ b/test/core/tsi/ssl_transport_security_test.cc
@ -790,13 +790,25 @@ void ssl_tsi_test_duplicate_root_certificates() {
  gpr_free(dup_root_cert);
 }

-void ssl_tsi_test_uri_email_subject_alt_names() {
+void ssl_tsi_test_extract_x509_subject_names() {
  char* cert = load_file(SSL_TSI_TEST_CREDENTIALS_DIR, "multi-domain.pem");
  tsi_peer peer;
-  GPR_ASSERT(extract_x509_subject_names_from_pem_cert(cert, &peer) == TSI_OK);
+  GPR_ASSERT(tsi_ssl_extract_x509_subject_names_from_pem_cert(cert, &peer) ==
+             TSI_OK);
  // One for common name, one for certificate, and six for SAN fields.
  size_t expected_property_count = 8;
  GPR_ASSERT(peer.property_count == expected_property_count);
+  // Check common name
+  const char* expected_cn = "xpigors";
+  const tsi_peer_property* property = tsi_peer_get_property_by_name(
+      &peer, TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY);
+  GPR_ASSERT(property != nullptr);
+  GPR_ASSERT(
+      memcmp(property->value.data, expected_cn, property->value.length) == 0);
+  // Check certificate data
+  property = tsi_peer_get_property_by_name(&peer, TSI_X509_PEM_CERT_PROPERTY);
+  GPR_ASSERT(property != nullptr);
+  GPR_ASSERT(memcmp(property->value.data, cert, property->value.length) == 0);
  // Check DNS
  GPR_ASSERT(check_subject_alt_name(&peer, "foo.test.domain.com") == 1);
  GPR_ASSERT(check_subject_alt_name(&peer, "bar.test.domain.com") == 1);
@ -808,6 +820,9 @@ void ssl_tsi_test_uri_email_subject_alt_names() {
  // Check email address
  GPR_ASSERT(check_subject_alt_name(&peer, "foo@test.domain.com") == 1);
  GPR_ASSERT(check_subject_alt_name(&peer, "bar@test.domain.com") == 1);
+  // Free memory
+  gpr_free(cert);
+  tsi_peer_destruct(&peer);
 }

 int main(int argc, char** argv) {
@ -835,7 +850,7 @@ int main(int argc, char** argv) {
  ssl_tsi_test_do_round_trip_odd_buffer_size();
  ssl_tsi_test_handshaker_factory_internals();
  ssl_tsi_test_duplicate_root_certificates();
-  ssl_tsi_test_uri_email_subject_alt_names();
+  ssl_tsi_test_extract_x509_subject_names();
  grpc_shutdown();
  return 0;
 }