From d761619484803b39a563bf09ffec6398fa67f161 Mon Sep 17 00:00:00 2001
From: Matthew Stevenson <mattstev@google.com>
Date: Tue, 20 Aug 2019 16:08:10 -0700
Subject: [PATCH] Finished unit tests

---
 test/cpp/client/credentials_test.cc | 138 +++++++++++++++++++++++++---
 1 file changed, 126 insertions(+), 12 deletions(-)

diff --git a/test/cpp/client/credentials_test.cc b/test/cpp/client/credentials_test.cc
index 93aa45e05c4..cd96738f6fa 100644
--- a/test/cpp/client/credentials_test.cc
+++ b/test/cpp/client/credentials_test.cc
@@ -71,13 +71,31 @@ static void tls_credential_reload_cancel(void* config_user_data,
 static void tls_server_authorization_check_callback(
     grpc_tls_server_authorization_check_arg* arg) {
   GPR_ASSERT(arg != nullptr);
-  char* cb_user_data = "cb_user_data";
-  arg->set_cb_user_data(static_cast<void*>(gpr_strdup(cb_user_data)));
+  grpc::string cb_user_data = "cb_user_data";
+  arg->cb_user_data(static_cast<void*>(gpr_strdup(cb_user_data.c_str())));
+  arg->success(1);
+  arg->target_name("callback_target_name");
+  arg->peer_cert("callback_peer_cert");
+  arg->status(GRPC_STATUS_OK);
+  arg->error_details("callback_error_details");
+}
+
+static int tls_server_authorization_check_sync(void* config_user_data, TlsServerAuthorizationCheckArg* arg) {
+  GPR_ASSERT(arg != nullptr);
+  grpc::string cb_user_data = "cb_user_data";
+  arg->set_cb_user_data(static_cast<void*>(gpr_strdup(cb_user_data.c_str())));
   arg->set_success(1);
-  arg->set_target_name("callback_target_name");
-  arg->set_peer_cert("callback_peer_cert");
+  arg->set_target_name("sync_target_name");
+  arg->set_peer_cert("sync_peer_cert");
   arg->set_status(GRPC_STATUS_OK);
-  arg->set_error_details("callback_error_details");
+  arg->set_error_details("sync_error_details");
+  return 1;
+}
+
+static void tls_server_authorization_check_cancel(void* config_user_data, TlsServerAuthorizationCheckArg* arg) {
+  GPR_ASSERT(arg != nullptr);
+  arg->set_status(GRPC_STATUS_PERMISSION_DENIED);
+  arg->set_error_details("cancelled");
 }
 
 }  // namespace
@@ -254,12 +272,12 @@ typedef class ::grpc_impl::experimental::TlsKeyMaterialsConfig
     TlsKeyMaterialsConfig;
 
 TEST_F(CredentialsTest, TlsKeyMaterialsConfigCppToC) {
-  TlsKeyMaterialsConfig config;
+  std::shared_ptr<TlsKeyMaterialsConfig> config(new TlsKeyMaterialsConfig());
   struct TlsKeyMaterialsConfig::PemKeyCertPair pair = {"private_key",
                                                        "cert_chain"};
   std::vector<TlsKeyMaterialsConfig::PemKeyCertPair> pair_list = {pair};
-  config.set_key_materials("pem_root_certs", pair_list);
-  grpc_tls_key_materials_config* c_config = config.c_key_materials();
+  config->set_key_materials("pem_root_certs", pair_list);
+  grpc_tls_key_materials_config* c_config = c_key_materials(config);
   EXPECT_STREQ("pem_root_certs", c_config->pem_root_certs());
   EXPECT_EQ(1, static_cast<int>(c_config->pem_key_cert_pair_list().size()));
   EXPECT_STREQ(pair.private_key.c_str(),
@@ -416,6 +434,52 @@ TEST_F(CredentialsTest, TlsServerAuthorizationCheckArgCallback) {
   EXPECT_STREQ(arg.error_details()->c_str(), "callback_error_details");
 }
 
+TEST_F(CredentialsTest, TlsServerAuthorizationCheckConfigSchedule) {
+  TlsServerAuthorizationCheckConfig config = TlsServerAuthorizationCheckConfig(nullptr, &tls_server_authorization_check_sync, nullptr, nullptr);
+  TlsServerAuthorizationCheckArg arg;
+  arg.set_cb_user_data(nullptr);
+  arg.set_success(0);
+  arg.set_target_name("target_name");
+  arg.set_peer_cert("peer_cert");
+  arg.set_status(GRPC_STATUS_PERMISSION_DENIED);
+  arg.set_error_details("error_details");
+  int schedule_output = config.Schedule(&arg);
+  EXPECT_STREQ(static_cast<char*>(arg.cb_user_data()), "cb_user_data");
+  EXPECT_EQ(arg.success(), 1);
+  EXPECT_STREQ(arg.target_name()->c_str(), "sync_target_name");
+  EXPECT_STREQ(arg.peer_cert()->c_str(), "sync_peer_cert");
+  EXPECT_EQ(arg.status(), GRPC_STATUS_OK);
+  EXPECT_STREQ(arg.error_details(), "sync_error_details");
+}
+
+TEST_F(CredentialsTest, TlsServerAuthorizationCheckConfigCppToC) {
+  TlsServerAuthorizationCheckConfig config = TlsServerAuthorizationCheckConfig(
+      nullptr, &tls_server_authorization_check_sync, &tls_server_authorization_check_cancel, nullptr);
+  grpc_tls_server_authorization_check_arg c_arg;
+  c_arg.cb = tls_server_authorization_check_callback;
+  c_arg.cb_user_data = nullptr;
+  c_arg.success = 0;
+  c_arg.target_name = "target_name";
+  c_arg.peer_cert = "peer_cert";
+  c_arg.status = GRPC_STATUS_UNAUTHENTICATED;
+  c_arg.error_details = "error_details";
+
+  grpc_tls_server_authorization_check_config* c_config = config.c_server_authorization_check();
+  c_arg.config = c_config;
+  int c_schedule_output = c_config->Schedule(&c_arg);
+  EXPECT_EQ(c_schedule_output, 1);
+  EXPECT_STREQ(static_cast<char*>(c_arg.cb_user_data), "cb_user_data");
+  EXPECT_EQ(c_arg.success, 1);
+  EXPECT_STREQ(c_arg.target_name, "sync_target_name");
+  EXPECT_STREQ(c_arg.peer_cert, "sync_peer_cert");
+  EXPECT_EQ(c_arg.status, GRPC_STATUS_OK);
+  EXPECT_STREQ(c_arg.error_details, "sync_error_details");
+
+  c_config->Cancel(&c_arg);
+  EXPECT_EQ(c_arg.status, GRPC_STATUS_PERMISSION_DENIED);
+  EXPECT_STREQ(c_arg.error_details, "cancelled");
+}
+
 typedef class ::grpc_impl::experimental::TlsCredentialsOptions
     TlsCredentialsOptions;
 
@@ -429,13 +493,63 @@ TEST_F(CredentialsTest, TlsCredentialsOptionsCppToC) {
   std::vector<TlsKeyMaterialsConfig::PemKeyCertPair> pair_list = {pair};
   key_materials_config->set_key_materials("pem_root_certs", pair_list);
   options.set_key_materials_config(key_materials_config);
-  // TODO: add instances of credential reload and server authorization check to
-  // options.
+
+  std::shared_ptr<TlsCredentialReloadConfig> credential_reload_config(new TlsCredentialReloadConfig(
+      nullptr, &tls_credential_reload_sync, &tls_credential_reload_cancel, nullptr));
+  options.set_credential_reload_config(credential_reload_config);
+
+  std::shared_ptr<TlsServerAuthorizationCheckConfig> server_authorization_check_config(new TlsServerAuthorizationCheckConfig(
+      nullptr, &tls_server_authorization_check_sync, &tls_server_authorization_check_cancel, nullptr));
+  options.set_server_authorization_check_config(server_authorization_check_config);
+
   grpc_tls_credentials_options* c_options = options.c_credentials_options();
   EXPECT_EQ(c_options->cert_request_type(),
             GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY);
-  EXPECT_EQ(c_options->key_materials_config(),
-            key_materials_config->c_key_materials());
+  grpc_tls_key_materials_config* c_key_materials_config = c_options->key_materials_config();
+  grpc_tls_credential_reload_config* c_credential_reload_config = c_options->credential_reload_config();
+  grpc_tls_credential_reload_arg* c_credential_reload_arg;
+  c_credential_reload_arg.key_materials_config = c_key_materials_config;
+  c_credential_reload_arg.status = GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED;
+  grpc::string test_error_details = "error_details";
+  c_credential_reload_arg.error_details = test_error_details.c_str();
+  grpc_tls_server_authorization_check_config* c_server_authorization_check_config = c_options->server_authorization_check_config();
+  grpc_tls_server_authorization_check_arg c_server_authorization_check_arg;
+  c_server_authorization_check_arg.cb = tls_server_authorization_check_callback;
+  c_server_authorization_check_arg.cb_user_data = nullptr;
+  c_server_authorization_check_arg.success = 0;
+  c_server_authorization_check_arg.target_name = "target_name";
+  c_server_authorization_check_arg.peer_cert = "peer_cert";
+  c_server_authorization_check_arg.status = GRPC_STATUS_UNAUTHENTICATED;
+  c_server_authorization_check_arg.error_details = "error_details";
+
+  EXPECT_STREQ(c_key_materials_config->pem_root_certs(), "pem_root_certs");
+  EXPECT_EQ(static_cast<int>(c_key_materials_config->pem_key_cert_pair_list().size()), 1);
+  EXPECT_STREQ(c_key_materials_config->pem_key_cert_pair_list()[0].private_key(), "private_key");
+  EXPECT_STREQ(c_key_materials_config->pem_key_cert_pair_list()[0].cert_chain(), "cert_chain");
+
+  int c_credential_reload_schedule_output = c_credential_reload_config->Schedule(&c_credential_reload_arg);
+  EXPECT_EQ(c_credential_reload_schedule_output, 0);
+  EXPECT_EQ(c_credential_reload_arg.cb_user_data, nullptr);
+  EXPECT_STREQ(c_credential_reload_arg.key_materials_config->pem_root_certs(), "new_pem_root_certs");
+  ::grpc_core::InlinedVector<::grpc_core::PemKeyCertPair, 1> pair_list =
+      c_credential_reload_arg.key_materials_config->pem_key_cert_pair_list();
+  EXPECT_EQ(static_cast<int>(pair_list.size()), 2);
+  EXPECT_STREQ(pair_list[0].private_key(), "private_key");
+  EXPECT_STREQ(pair_list[0].cert_chain(), "cert_chain");
+  EXPECT_STREQ(pair_list[1].private_key(), "private_key3");
+  EXPECT_STREQ(pair_list[1].cert_chain(), "cert_chain3");
+  EXPECT_EQ(c_credential_reload_arg.status, GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_NEW);
+  EXPECT_STREQ(c_credential_reload_arg.error_details, test_error_details.c_str());
+
+  int c_server_authorization_check_schedule_output = c_server_authorization_check_config->Schedule(&c_server_authorization_check_arg);
+  EXPECT_EQ(c_server_authorization_check_schedule_output, 1);
+  EXPECT_STREQ(static_cast<char*>(c_server_authorization_check_arg.cb_user_data), "cb_user_data");
+  EXPECT_EQ(c_server_authorization_check_arg.success, 1);
+  EXPECT_STREQ(c_server_authorization_check_arg.target_name, "sync_target_name");
+  EXPECT_STREQ(c_server_authorization_check_arg.peer_cert, "sync_peer_cert");
+  EXPECT_EQ(c_server_authorization_check_arg.status, GRPC_STATUS_OK);
+  EXPECT_STREQ(c_server_authorization_check_arg.error_details, "sync_error_details");
+
   gpr_free(c_options);
 }