Add SSL root for production GFE.

Change on 2014/12/19 by chenw <chenw@google.com>
-------------
Created by MOE: http://code.google.com/p/moe-java
MOE_MIGRATED_REVID=82554526

Makefile

@@ -1012,7 +1012,8 @@ clean_libgrpc:
 
 LIBGRPC_TEST_UTIL_SRC = \
     test/core/end2end/cq_verifier.c \
-    test/core/end2end/data/ca_cert.c \
+    test/core/end2end/data/test_root_cert.c \
+    test/core/end2end/data/prod_roots_certs.c \
     test/core/end2end/data/server1_cert.c \
     test/core/end2end/data/server1_key.c \
     test/core/iomgr/endpoint_tests.c \
@@ -1965,7 +1966,8 @@ clean_libend2end_test_writes_done_hangs_with_pending_read:
 
 
 LIBEND2END_CERTS_SRC = \
-    test/core/end2end/data/ca_cert.c \
+    test/core/end2end/data/test_root_cert.c \
+    test/core/end2end/data/prod_roots_certs.c \
     test/core/end2end/data/server1_cert.c \
     test/core/end2end/data/server1_key.c \
 

build.json

@@ -282,7 +282,8 @@
       "vs_project_guid": "{17BCAFC0-5FDC-4C94-AEB9-95F3E220614B}",
       "src": [
         "test/core/end2end/cq_verifier.c",
-        "test/core/end2end/data/ca_cert.c",
+        "test/core/end2end/data/test_root_cert.c",
+        "test/core/end2end/data/prod_roots_certs.c",
         "test/core/end2end/data/server1_cert.c",
         "test/core/end2end/data/server1_key.c",
         "test/core/iomgr/endpoint_tests.c",

test/core/end2end/data/ssl_test_data.h

@@ -34,11 +34,14 @@
 #ifndef __GRPC_TEST_END2END_DATA_SSL_TEST_DATA_H__
 #define __GRPC_TEST_END2END_DATA_SSL_TEST_DATA_H__
 
-extern unsigned char test_ca_cert[];
-extern unsigned int test_ca_cert_size;
+extern unsigned char test_root_cert[];
+extern unsigned int test_root_cert_size;
 extern unsigned char test_server1_cert[];
 extern unsigned int test_server1_cert_size;
 extern unsigned char test_server1_key[];
 extern unsigned int test_server1_key_size;
 
+extern unsigned char prod_roots_certs[];
+extern unsigned int prod_roots_certs_size;
+
 #endif  /* __GRPC_TEST_END2END_DATA_SSL_TEST_DATA_H__ */

test/core/end2end/data/test_root_cert.c

@@ -31,7 +31,7 @@
  *
  */
 
-unsigned char test_ca_cert[] = {
+unsigned char test_root_cert[] = {
     0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x43,
     0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d,
     0x2d, 0x2d, 0x2d, 0x0a, 0x4d, 0x49, 0x49, 0x43, 0x49, 0x7a, 0x43, 0x43,
@@ -99,4 +99,4 @@ unsigned char test_ca_cert[] = {
     0x75, 0x54, 0x51, 0x66, 0x63, 0x49, 0x3d, 0x0a, 0x2d, 0x2d, 0x2d, 0x2d,
     0x2d, 0x45, 0x4e, 0x44, 0x20, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, 0x49,
     0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a};
-unsigned int test_ca_cert_size = 802;
+unsigned int test_root_cert_size = 802;

test/core/end2end/fixtures/chttp2_simple_ssl_fullstack.c

@@ -99,7 +99,7 @@ void chttp2_tear_down_secure_fullstack(grpc_end2end_test_fixture *f) {
 static void chttp2_init_client_simple_ssl_secure_fullstack(
     grpc_end2end_test_fixture *f, grpc_channel_args *client_args) {
   grpc_credentials *ssl_creds = grpc_ssl_credentials_create(
-      test_ca_cert, test_ca_cert_size, NULL, 0, NULL, 0);
+      test_root_cert, test_root_cert_size, NULL, 0, NULL, 0);
   grpc_arg ssl_name_override = {GRPC_ARG_STRING,
                                 GRPC_SSL_TARGET_NAME_OVERRIDE_ARG,
                                 {"foo.test.google.com"}};

test/core/end2end/fixtures/chttp2_simple_ssl_with_oauth2_fullstack.c

@@ -100,7 +100,7 @@ void chttp2_tear_down_secure_fullstack(grpc_end2end_test_fixture *f) {
 static void chttp2_init_client_simple_ssl_with_oauth2_secure_fullstack(
     grpc_end2end_test_fixture *f, grpc_channel_args *client_args) {
   grpc_credentials *ssl_creds = grpc_ssl_credentials_create(
-      test_ca_cert, test_ca_cert_size, NULL, 0, NULL, 0);
+      test_root_cert, test_root_cert_size, NULL, 0, NULL, 0);
   grpc_credentials *oauth2_creds =
       grpc_fake_oauth2_credentials_create("Bearer aaslkfjs424535asdf", 1);
   grpc_credentials *ssl_oauth2_creds =

test/core/end2end/gen_build_json.py

@@ -61,7 +61,8 @@ def main():
               'name': 'end2end_certs',
               'build': 'private',
               'src': [
-                  "test/core/end2end/data/ca_cert.c",
+                  "test/core/end2end/data/test_root_cert.c",
+                  "test/core/end2end/data/prod_roots_certs.c",
                   "test/core/end2end/data/server1_cert.c",
                   "test/core/end2end/data/server1_key.c"
               ]

test/cpp/util/create_test_channel.cc

@@ -44,19 +44,23 @@ namespace grpc {
 // create channel. Otherwise, connect to server and override hostname if
 // override_hostname is provided.
 // When ssl is not enabled, override_hostname is ignored.
+// Set use_prod_root to true to use the SSL root for production GFE. Otherwise,
+// root for test SSL cert will be used.
 // Use examples:
-//   CreateTestChannel("1.1.1.1:12345", "override.hostname.com", true);
-//   CreateTestChannel("test.google.com:443", "", true);
-//   CreateTestChannel("", "test.google.com:443", true);  // same as above
+//   CreateTestChannel("1.1.1.1:12345", "override.hostname.com", true, false);
+//   CreateTestChannel("test.google.com:443", "", true, true);
+//   CreateTestChannel("", "test.google.com:443", true, true);  // same as above
 std::shared_ptr<ChannelInterface> CreateTestChannel(
     const grpc::string& server, const grpc::string& override_hostname,
-    bool enable_ssl) {
+    bool enable_ssl, bool use_prod_roots) {
   ChannelArguments channel_args;
   if (enable_ssl) {
-    SslCredentialsOptions ssl_opts = {
-        {reinterpret_cast<const char*>(test_ca_cert), test_ca_cert_size},
-        "",
-        ""};
+    const char* roots_certs =
+        use_prod_roots ? reinterpret_cast<const char*>(prod_roots_certs)
+                       : reinterpret_cast<const char*>(test_root_cert);
+    unsigned int roots_certs_size =
+        use_prod_roots ? prod_roots_certs_size : test_root_cert_size;
+    SslCredentialsOptions ssl_opts = {{roots_certs, roots_certs_size}, "", ""};
 
     std::unique_ptr<Credentials> creds =
         CredentialsFactory::SslCredentials(ssl_opts);
@@ -75,7 +79,7 @@ std::shared_ptr<ChannelInterface> CreateTestChannel(
 // Shortcut for end2end and interop tests.
 std::shared_ptr<ChannelInterface> CreateTestChannel(const grpc::string& server,
                                                     bool enable_ssl) {
-  return CreateTestChannel(server, "foo.test.google.com", enable_ssl);
+  return CreateTestChannel(server, "foo.test.google.com", enable_ssl, false);
 }
 
 }  // namespace grpc

test/cpp/util/create_test_channel.h

@@ -48,6 +48,10 @@ std::shared_ptr<ChannelInterface> CreateTestChannel(
 std::shared_ptr<ChannelInterface> CreateTestChannel(const grpc::string& server,
                                                     bool enable_ssl);
 
+std::shared_ptr<ChannelInterface> CreateTestChannel(
+    const grpc::string& server, const grpc::string& override_hostname,
+    bool enable_ssl, bool use_prod_roots);
+
 }  // namespace grpc
 
 #endif  // __GRPCPP_TEST_UTIL_CREATE_TEST_CHANNEL_H_

vsprojects/vs2013/grpc_test_util.vcxproj

@@ -75,7 +75,9 @@
   <ItemGroup>
     <ClCompile Include="..\..\test\core\end2end\cq_verifier.c">
     </ClCompile>
-    <ClCompile Include="..\..\test\core\end2end\data\ca_cert.c">
+    <ClCompile Include="..\..\test\core\end2end\data\test_root_cert.c">
+    </ClCompile>
+    <ClCompile Include="..\..\test\core\end2end\data\prod_roots_certs.c">
     </ClCompile>
     <ClCompile Include="..\..\test\core\end2end\data\server1_cert.c">
     </ClCompile>