Separate connection specific args in EvaluaetArgs. (#25969)

4 years ago · e438fa609b
parent 980ccba493
commit e438fa609b
13 changed files with 351 additions and 414 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -2162,7 +2162,6 @@ if(gRPC_BUILD_TESTS)

 add_library(grpc_test_util
  test/core/util/cmdline.cc
-  test/core/util/eval_args_mock_endpoint.cc
  test/core/util/fuzzer_util.cc
  test/core/util/grpc_profiler.cc
  test/core/util/histogram.cc
@ -2232,7 +2231,6 @@ if(gRPC_BUILD_TESTS)

 add_library(grpc_test_util_unsecure
  test/core/util/cmdline.cc
-  test/core/util/eval_args_mock_endpoint.cc
  test/core/util/fuzzer_util.cc
  test/core/util/grpc_profiler.cc
  test/core/util/histogram.cc
@ -14502,7 +14500,6 @@ if(_gRPC_PLATFORM_LINUX OR _gRPC_PLATFORM_MAC OR _gRPC_PLATFORM_POSIX)
    ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/simple_messages.pb.h
    ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/simple_messages.grpc.pb.h
    test/core/util/cmdline.cc
-    test/core/util/eval_args_mock_endpoint.cc
    test/core/util/fuzzer_util.cc
    test/core/util/grpc_profiler.cc
    test/core/util/histogram.cc
--- a/build_autogenerated.yaml
+++ b/build_autogenerated.yaml
@ -1471,11 +1471,12 @@ libs:
  public_headers: []
  headers:
  - test/core/util/cmdline.h
-  - test/core/util/eval_args_mock_endpoint.h
+  - test/core/util/evaluate_args_test_util.h
  - test/core/util/fuzzer_util.h
  - test/core/util/grpc_profiler.h
  - test/core/util/histogram.h
  - test/core/util/memory_counters.h
+  - test/core/util/mock_authorization_endpoint.h
  - test/core/util/mock_endpoint.h
  - test/core/util/parse_hexstring.h
  - test/core/util/passthru_endpoint.h
@ -1493,7 +1494,6 @@ libs:
  - test/core/util/trickle_endpoint.h
  src:
  - test/core/util/cmdline.cc
-  - test/core/util/eval_args_mock_endpoint.cc
  - test/core/util/fuzzer_util.cc
  - test/core/util/grpc_profiler.cc
  - test/core/util/histogram.cc
@ -1526,11 +1526,12 @@ libs:
  public_headers: []
  headers:
  - test/core/util/cmdline.h
-  - test/core/util/eval_args_mock_endpoint.h
+  - test/core/util/evaluate_args_test_util.h
  - test/core/util/fuzzer_util.h
  - test/core/util/grpc_profiler.h
  - test/core/util/histogram.h
  - test/core/util/memory_counters.h
+  - test/core/util/mock_authorization_endpoint.h
  - test/core/util/mock_endpoint.h
  - test/core/util/parse_hexstring.h
  - test/core/util/passthru_endpoint.h
@ -1547,7 +1548,6 @@ libs:
  - test/core/util/trickle_endpoint.h
  src:
  - test/core/util/cmdline.cc
-  - test/core/util/eval_args_mock_endpoint.cc
  - test/core/util/fuzzer_util.cc
  - test/core/util/grpc_profiler.cc
  - test/core/util/histogram.cc
@ -6515,11 +6515,12 @@ targets:
  language: c++
  headers:
  - test/core/util/cmdline.h
-  - test/core/util/eval_args_mock_endpoint.h
+  - test/core/util/evaluate_args_test_util.h
  - test/core/util/fuzzer_util.h
  - test/core/util/grpc_profiler.h
  - test/core/util/histogram.h
  - test/core/util/memory_counters.h
+  - test/core/util/mock_authorization_endpoint.h
  - test/core/util/mock_endpoint.h
  - test/core/util/parse_hexstring.h
  - test/core/util/passthru_endpoint.h
@ -6539,7 +6540,6 @@ targets:
  - src/proto/grpc/testing/echo_messages.proto
  - src/proto/grpc/testing/simple_messages.proto
  - test/core/util/cmdline.cc
-  - test/core/util/eval_args_mock_endpoint.cc
  - test/core/util/fuzzer_util.cc
  - test/core/util/grpc_profiler.cc
  - test/core/util/histogram.cc
--- a/gRPC-Core.podspec
+++ b/gRPC-Core.podspec
@ -2115,8 +2115,7 @@ Pod::Spec.new do |s|
                      'test/core/end2end/tests/write_buffering_at_end.cc',
                      'test/core/util/cmdline.cc',
                      'test/core/util/cmdline.h',
-                      'test/core/util/eval_args_mock_endpoint.cc',
-                      'test/core/util/eval_args_mock_endpoint.h',
+                      'test/core/util/evaluate_args_test_util.h',
                      'test/core/util/fuzzer_util.cc',
                      'test/core/util/fuzzer_util.h',
                      'test/core/util/grpc_profiler.cc',
@ -2125,6 +2124,7 @@ Pod::Spec.new do |s|
                      'test/core/util/histogram.h',
                      'test/core/util/memory_counters.cc',
                      'test/core/util/memory_counters.h',
+                      'test/core/util/mock_authorization_endpoint.h',
                      'test/core/util/mock_endpoint.cc',
                      'test/core/util/mock_endpoint.h',
                      'test/core/util/parse_hexstring.cc',
--- a/grpc.gyp
+++ b/grpc.gyp
@ -1029,7 +1029,6 @@
      ],
      'sources': [
        'test/core/util/cmdline.cc',
-        'test/core/util/eval_args_mock_endpoint.cc',
        'test/core/util/fuzzer_util.cc',
        'test/core/util/grpc_profiler.cc',
        'test/core/util/histogram.cc',
@ -1064,7 +1063,6 @@
      ],
      'sources': [
        'test/core/util/cmdline.cc',
-        'test/core/util/eval_args_mock_endpoint.cc',
        'test/core/util/fuzzer_util.cc',
        'test/core/util/grpc_profiler.cc',
        'test/core/util/histogram.cc',
--- a/src/core/lib/security/authorization/authorization_engine.cc
+++ b/src/core/lib/security/authorization/authorization_engine.cc
@ -158,7 +158,7 @@ std::unique_ptr<mock_cel::Activation> AuthorizationEngine::CreateActivation(
            kSpiffeId, mock_cel::CelValue::CreateStringView(spiffe_id));
      }
    } else if (elem == kCertServerName) {
-      absl::string_view cert_server_name(args.GetCertServerName());
+      absl::string_view cert_server_name(args.GetCommonName());
      if (!cert_server_name.empty()) {
        activation->InsertValue(
            kCertServerName,
--- a/src/core/lib/security/authorization/evaluate_args.cc
+++ b/src/core/lib/security/authorization/evaluate_args.cc
@ -1,6 +1,4 @@
-//
-//
-// Copyright 2020 gRPC authors.
+// Copyright 2021 gRPC authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@ -13,22 +11,76 @@
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
-//
-//

 #include <grpc/support/port_platform.h>

 #include "src/core/lib/security/authorization/evaluate_args.h"

-#include "absl/strings/str_join.h"
-
+#include "src/core/lib/gprpp/host_port.h"
 #include "src/core/lib/iomgr/parse_address.h"
-#include "src/core/lib/iomgr/resolve_address.h"
-#include "src/core/lib/iomgr/sockaddr_utils.h"
 #include "src/core/lib/slice/slice_utils.h"

 namespace grpc_core {

+namespace {
+
+absl::string_view GetAuthPropertyValue(grpc_auth_context* context,
+                                       const char* property_name) {
+  grpc_auth_property_iterator it =
+      grpc_auth_context_find_properties_by_name(context, property_name);
+  const grpc_auth_property* prop = grpc_auth_property_iterator_next(&it);
+  if (prop == nullptr) {
+    gpr_log(GPR_DEBUG, "No value found for %s property.", property_name);
+    return "";
+  }
+  if (grpc_auth_property_iterator_next(&it) != nullptr) {
+    gpr_log(GPR_DEBUG, "Multiple values found for %s property.", property_name);
+    return "";
+  }
+  return absl::string_view(prop->value, prop->value_length);
+}
+
+void ParseEndpointUri(absl::string_view uri_text, std::string* address,
+                      int* port) {
+  absl::StatusOr<URI> uri = URI::Parse(uri_text);
+  if (!uri.ok()) {
+    gpr_log(GPR_DEBUG, "Failed to parse uri.");
+    return;
+  }
+  absl::string_view host_view;
+  absl::string_view port_view;
+  if (!SplitHostPort(uri->path(), &host_view, &port_view)) {
+    gpr_log(GPR_DEBUG, "Failed to split %s into host and port.",
+            uri->path().c_str());
+    return;
+  }
+  *address = std::string(host_view);
+  if (!absl::SimpleAtoi(port_view, port)) {
+    gpr_log(GPR_DEBUG, "Port %s is out of range or null.",
+            std::string(port_view).c_str());
+  }
+}
+
+}  // namespace
+
+EvaluateArgs::PerChannelArgs::PerChannelArgs(grpc_auth_context* auth_context,
+                                             grpc_endpoint* endpoint) {
+  if (auth_context != nullptr) {
+    transport_security_type = GetAuthPropertyValue(
+        auth_context, GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME);
+    spiffe_id =
+        GetAuthPropertyValue(auth_context, GRPC_PEER_SPIFFE_ID_PROPERTY_NAME);
+    common_name =
+        GetAuthPropertyValue(auth_context, GRPC_X509_CN_PROPERTY_NAME);
+  }
+  if (endpoint != nullptr) {
+    ParseEndpointUri(grpc_endpoint_get_local_address(endpoint), &local_address,
+                     &local_port);
+    ParseEndpointUri(grpc_endpoint_get_peer(endpoint), &peer_address,
+                     &peer_port);
+  }
+}
+
 absl::string_view EvaluateArgs::GetPath() const {
  absl::string_view path;
  if (metadata_ != nullptr && metadata_->idx.named.path != nullptr) {
@ -83,76 +135,52 @@ absl::optional<absl::string_view> EvaluateArgs::GetHeaderValue(
 }

 absl::string_view EvaluateArgs::GetLocalAddress() const {
-  absl::string_view addr = grpc_endpoint_get_local_address(endpoint_);
-  size_t first_colon = addr.find(":");
-  size_t last_colon = addr.rfind(":");
-  if (first_colon == std::string::npos || last_colon == std::string::npos) {
+  if (channel_args_ == nullptr) {
    return "";
-  } else {
-    return addr.substr(first_colon + 1, last_colon - first_colon - 1);
  }
+  return channel_args_->local_address;
 }

 int EvaluateArgs::GetLocalPort() const {
-  if (endpoint_ == nullptr) {
+  if (channel_args_ == nullptr) {
    return 0;
  }
-  absl::StatusOr<URI> uri =
-      URI::Parse(grpc_endpoint_get_local_address(endpoint_));
-  grpc_resolved_address resolved_addr;
-  if (!uri.ok() || !grpc_parse_uri(*uri, &resolved_addr)) {
-    return 0;
-  }
-  return grpc_sockaddr_get_port(&resolved_addr);
+  return channel_args_->local_port;
 }

 absl::string_view EvaluateArgs::GetPeerAddress() const {
-  absl::string_view addr = grpc_endpoint_get_peer(endpoint_);
-  size_t first_colon = addr.find(":");
-  size_t last_colon = addr.rfind(":");
-  if (first_colon == std::string::npos || last_colon == std::string::npos) {
+  if (channel_args_ == nullptr) {
    return "";
-  } else {
-    return addr.substr(first_colon + 1, last_colon - first_colon - 1);
  }
+  return channel_args_->peer_address;
 }

 int EvaluateArgs::GetPeerPort() const {
-  if (endpoint_ == nullptr) {
-    return 0;
-  }
-  absl::StatusOr<URI> uri = URI::Parse(grpc_endpoint_get_peer(endpoint_));
-  grpc_resolved_address resolved_addr;
-  if (!uri.ok() || !grpc_parse_uri(*uri, &resolved_addr)) {
+  if (channel_args_ == nullptr) {
    return 0;
  }
-  return grpc_sockaddr_get_port(&resolved_addr);
+  return channel_args_->peer_port;
 }

-absl::string_view EvaluateArgs::GetSpiffeId() const {
-  if (auth_context_ == nullptr) {
+absl::string_view EvaluateArgs::GetTransportSecurityType() const {
+  if (channel_args_ == nullptr) {
    return "";
  }
-  grpc_auth_property_iterator it = grpc_auth_context_find_properties_by_name(
-      auth_context_, GRPC_PEER_SPIFFE_ID_PROPERTY_NAME);
-  const grpc_auth_property* prop = grpc_auth_property_iterator_next(&it);
-  if (prop == nullptr || grpc_auth_property_iterator_next(&it) != nullptr) {
-    return "";
-  }
-  return absl::string_view(prop->value, prop->value_length);
+  return channel_args_->transport_security_type;
 }

-absl::string_view EvaluateArgs::GetCertServerName() const {
-  if (auth_context_ == nullptr) {
+absl::string_view EvaluateArgs::GetSpiffeId() const {
+  if (channel_args_ == nullptr) {
    return "";
  }
-  grpc_auth_property_iterator it = grpc_auth_context_find_properties_by_name(
-      auth_context_, GRPC_X509_CN_PROPERTY_NAME);
-  const grpc_auth_property* prop = grpc_auth_property_iterator_next(&it);
-  if (prop == nullptr || grpc_auth_property_iterator_next(&it) != nullptr) {
+  return channel_args_->spiffe_id;
+}
+
+absl::string_view EvaluateArgs::GetCommonName() const {
+  if (channel_args_ == nullptr) {
    return "";
  }
-  return absl::string_view(prop->value, prop->value_length);
+  return channel_args_->common_name;
 }

 }  // namespace grpc_core
--- a/src/core/lib/security/authorization/evaluate_args.h
+++ b/src/core/lib/security/authorization/evaluate_args.h
@ -1,6 +1,4 @@
-//
-//
-// Copyright 2020 gRPC authors.
+// Copyright 2021 gRPC authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@ -13,8 +11,6 @@
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
-//
-//

 #ifndef GRPC_CORE_LIB_SECURITY_AUTHORIZATION_EVALUATE_ARGS_H
 #define GRPC_CORE_LIB_SECURITY_AUTHORIZATION_EVALUATE_ARGS_H
@ -33,9 +29,22 @@ namespace grpc_core {

 class EvaluateArgs {
 public:
-  EvaluateArgs(grpc_metadata_batch* metadata, grpc_auth_context* auth_context,
-               grpc_endpoint* endpoint)
-      : metadata_(metadata), auth_context_(auth_context), endpoint_(endpoint) {}
+  // Caller is responsible for ensuring auth_context outlives PerChannelArgs
+  // struct.
+  struct PerChannelArgs {
+    PerChannelArgs(grpc_auth_context* auth_context, grpc_endpoint* endpoint);
+
+    absl::string_view transport_security_type;
+    absl::string_view spiffe_id;
+    absl::string_view common_name;
+    std::string local_address;
+    int local_port = 0;
+    std::string peer_address;
+    int peer_port = 0;
+  };
+
+  EvaluateArgs(grpc_metadata_batch* metadata, PerChannelArgs* channel_args)
+      : metadata_(metadata), channel_args_(channel_args) {}

  absl::string_view GetPath() const;
  absl::string_view GetHost() const;
@ -50,19 +59,18 @@ class EvaluateArgs {
  // string_view of that string.
  absl::optional<absl::string_view> GetHeaderValue(
      absl::string_view key, std::string* concatenated_value) const;
+
  absl::string_view GetLocalAddress() const;
  int GetLocalPort() const;
  absl::string_view GetPeerAddress() const;
  int GetPeerPort() const;
+  absl::string_view GetTransportSecurityType() const;
  absl::string_view GetSpiffeId() const;
-  absl::string_view GetCertServerName() const;
-
-  // TODO(unknown): Add a getter function for source.principal
+  absl::string_view GetCommonName() const;

 private:
-  grpc_metadata_batch* metadata_;
-  grpc_auth_context* auth_context_;
-  grpc_endpoint* endpoint_;
+  grpc_metadata_batch* metadata_ = nullptr;
+  PerChannelArgs* channel_args_ = nullptr;
 };

 }  // namespace grpc_core
--- a/test/core/security/evaluate_args_test.cc
+++ b/test/core/security/evaluate_args_test.cc
@ -1,4 +1,4 @@
-// Copyright 2020 gRPC authors.
+// Copyright 2021 gRPC authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@ -17,227 +17,139 @@
 #include <gmock/gmock.h>
 #include <gtest/gtest.h>

-#include "absl/strings/string_view.h"
-
 #include "src/core/lib/security/authorization/evaluate_args.h"
-#include "test/core/util/eval_args_mock_endpoint.h"
+#include "test/core/util/evaluate_args_test_util.h"
 #include "test/core/util/test_config.h"

 namespace grpc_core {

 class EvaluateArgsTest : public ::testing::Test {
 protected:
-  void SetUp() override {
-    local_address_ = "255.255.255.255";
-    peer_address_ = "128.128.128.128";
-    local_port_ = 413;
-    peer_port_ = 314;
-    endpoint_ = CreateEvalArgsMockEndpoint(local_address_.c_str(), local_port_,
-                                           peer_address_.c_str(), peer_port_);
-    evaluate_args_ =
-        absl::make_unique<EvaluateArgs>(nullptr, nullptr, endpoint_);
-  }
-  void TearDown() override { grpc_endpoint_destroy(endpoint_); }
-  grpc_endpoint* endpoint_;
-  std::unique_ptr<EvaluateArgs> evaluate_args_;
-  std::string local_address_;
-  std::string peer_address_;
-  int local_port_;
-  int peer_port_;
+  EvaluateArgsTestUtil util_;
 };

-TEST_F(EvaluateArgsTest, TestEvaluateArgsLocalAddress) {
-  absl::string_view src_address = evaluate_args_->GetLocalAddress();
-  EXPECT_EQ(src_address, local_address_);
+TEST_F(EvaluateArgsTest, EmptyMetadata) {
+  EvaluateArgs args = util_.MakeEvaluateArgs();
+  EXPECT_EQ(args.GetPath(), nullptr);
+  EXPECT_EQ(args.GetMethod(), nullptr);
+  EXPECT_EQ(args.GetHost(), nullptr);
+  EXPECT_THAT(args.GetHeaders(), ::testing::ElementsAre());
+  EXPECT_EQ(args.GetHeaderValue("some_key", nullptr), absl::nullopt);
 }

-TEST_F(EvaluateArgsTest, TestEvaluateArgsLocalPort) {
-  int src_port = evaluate_args_->GetLocalPort();
-  EXPECT_EQ(src_port, local_port_);
+TEST_F(EvaluateArgsTest, GetPathSuccess) {
+  util_.AddPairToMetadata(":path", "/expected/path");
+  EvaluateArgs args = util_.MakeEvaluateArgs();
+  EXPECT_EQ(args.GetPath(), "/expected/path");
 }

-TEST_F(EvaluateArgsTest, TestEvaluateArgsPeerAddress) {
-  absl::string_view dest_address = evaluate_args_->GetPeerAddress();
-  EXPECT_EQ(dest_address, peer_address_);
+TEST_F(EvaluateArgsTest, GetHostSuccess) {
+  util_.AddPairToMetadata("host", "host123");
+  EvaluateArgs args = util_.MakeEvaluateArgs();
+  EXPECT_EQ(args.GetHost(), "host123");
 }

-TEST_F(EvaluateArgsTest, TestEvaluateArgsPeerPort) {
-  int dest_port = evaluate_args_->GetPeerPort();
-  EXPECT_EQ(dest_port, peer_port_);
+TEST_F(EvaluateArgsTest, GetMethodSuccess) {
+  util_.AddPairToMetadata(":method", "GET");
+  EvaluateArgs args = util_.MakeEvaluateArgs();
+  EXPECT_EQ(args.GetMethod(), "GET");
 }

-TEST(EvaluateArgsMetadataTest, HandlesNullMetadata) {
-  EvaluateArgs eval_args(nullptr, nullptr, nullptr);
-  EXPECT_EQ(eval_args.GetPath(), nullptr);
-  EXPECT_EQ(eval_args.GetMethod(), nullptr);
-  EXPECT_EQ(eval_args.GetHost(), nullptr);
-  EXPECT_THAT(eval_args.GetHeaders(), ::testing::ElementsAre());
-  EXPECT_EQ(eval_args.GetHeaderValue("some_key", nullptr), absl::nullopt);
+TEST_F(EvaluateArgsTest, GetHeadersSuccess) {
+  util_.AddPairToMetadata("host", "host123");
+  util_.AddPairToMetadata(":path", "/expected/path");
+  EvaluateArgs args = util_.MakeEvaluateArgs();
+  EXPECT_THAT(args.GetHeaders(),
+              ::testing::UnorderedElementsAre(
+                  ::testing::Pair("host", "host123"),
+                  ::testing::Pair(":path", "/expected/path")));
 }

-TEST(EvaluateArgsMetadataTest, HandlesEmptyMetadata) {
-  grpc_metadata_batch metadata;
-  grpc_metadata_batch_init(&metadata);
-  EvaluateArgs eval_args(&metadata, nullptr, nullptr);
-  EXPECT_EQ(eval_args.GetPath(), nullptr);
-  EXPECT_EQ(eval_args.GetMethod(), nullptr);
-  EXPECT_EQ(eval_args.GetHost(), nullptr);
-  EXPECT_THAT(eval_args.GetHeaders(), ::testing::ElementsAre());
-  EXPECT_EQ(eval_args.GetHeaderValue("some_key", nullptr), absl::nullopt);
-  grpc_metadata_batch_destroy(&metadata);
+TEST_F(EvaluateArgsTest, GetHeaderValueSuccess) {
+  util_.AddPairToMetadata("key123", "value123");
+  EvaluateArgs args = util_.MakeEvaluateArgs();
+  std::string concatenated_value;
+  absl::optional<absl::string_view> value =
+      args.GetHeaderValue("key123", &concatenated_value);
+  ASSERT_TRUE(value.has_value());
+  EXPECT_EQ(value.value(), "value123");
 }

-TEST(EvaluateArgsMetadataTest, GetPathSuccess) {
-  grpc_init();
-  const char* kPath = "/some/path";
-  grpc_metadata_batch metadata;
-  grpc_metadata_batch_init(&metadata);
-  grpc_slice fake_val = grpc_slice_intern(grpc_slice_from_static_string(kPath));
-  grpc_mdelem fake_val_md = grpc_mdelem_from_slices(GRPC_MDSTR_PATH, fake_val);
-  grpc_linked_mdelem storage;
-  storage.md = fake_val_md;
-  ASSERT_EQ(grpc_metadata_batch_link_head(&metadata, &storage),
-            GRPC_ERROR_NONE);
-  EvaluateArgs eval_args(&metadata, nullptr, nullptr);
-  EXPECT_EQ(eval_args.GetPath(), kPath);
-  grpc_metadata_batch_destroy(&metadata);
-  grpc_shutdown();
+TEST_F(EvaluateArgsTest, TestIpv4LocalAddressAndPort) {
+  util_.SetLocalEndpoint("ipv4:255.255.255.255:123");
+  EvaluateArgs args = util_.MakeEvaluateArgs();
+  EXPECT_EQ(args.GetLocalAddress(), "255.255.255.255");
+  EXPECT_EQ(args.GetLocalPort(), 123);
 }

-TEST(EvaluateArgsMetadataTest, GetHostSuccess) {
-  grpc_init();
-  const char* kHost = "host";
-  grpc_metadata_batch metadata;
-  grpc_metadata_batch_init(&metadata);
-  grpc_slice fake_val = grpc_slice_intern(grpc_slice_from_static_string(kHost));
-  grpc_mdelem fake_val_md = grpc_mdelem_from_slices(GRPC_MDSTR_HOST, fake_val);
-  grpc_linked_mdelem storage;
-  storage.md = fake_val_md;
-  ASSERT_EQ(grpc_metadata_batch_link_head(&metadata, &storage),
-            GRPC_ERROR_NONE);
-  EvaluateArgs eval_args(&metadata, nullptr, nullptr);
-  EXPECT_EQ(eval_args.GetHost(), kHost);
-  grpc_metadata_batch_destroy(&metadata);
-  grpc_shutdown();
+TEST_F(EvaluateArgsTest, TestIpv4PeerAddressAndPort) {
+  util_.SetPeerEndpoint("ipv4:128.128.128.128:321");
+  EvaluateArgs args = util_.MakeEvaluateArgs();
+  EXPECT_EQ(args.GetPeerAddress(), "128.128.128.128");
+  EXPECT_EQ(args.GetPeerPort(), 321);
 }

-TEST(EvaluateArgsMetadataTest, GetMethodSuccess) {
-  grpc_init();
-  const char* kMethod = "GET";
-  grpc_metadata_batch metadata;
-  grpc_metadata_batch_init(&metadata);
-  grpc_slice fake_val =
-      grpc_slice_intern(grpc_slice_from_static_string(kMethod));
-  grpc_mdelem fake_val_md =
-      grpc_mdelem_from_slices(GRPC_MDSTR_METHOD, fake_val);
-  grpc_linked_mdelem storage;
-  storage.md = fake_val_md;
-  ASSERT_EQ(grpc_metadata_batch_link_head(&metadata, &storage),
-            GRPC_ERROR_NONE);
-  EvaluateArgs eval_args(&metadata, nullptr, nullptr);
-  EXPECT_EQ(eval_args.GetMethod(), kMethod);
-  grpc_metadata_batch_destroy(&metadata);
-  grpc_shutdown();
+TEST_F(EvaluateArgsTest, TestIpv6LocalAddressAndPort) {
+  util_.SetLocalEndpoint("ipv6:[2001:0db8:85a3:0000:0000:8a2e:0370:7334]:456");
+  EvaluateArgs args = util_.MakeEvaluateArgs();
+  EXPECT_EQ(args.GetLocalAddress(), "2001:0db8:85a3:0000:0000:8a2e:0370:7334");
+  EXPECT_EQ(args.GetLocalPort(), 456);
 }

-TEST(EvaluateArgsMetadataTest, GetHeadersSuccess) {
-  grpc_init();
-  const char* kPath = "/some/path";
-  const char* kHost = "host";
-  grpc_metadata_batch metadata;
-  grpc_metadata_batch_init(&metadata);
-  grpc_slice fake_path =
-      grpc_slice_intern(grpc_slice_from_static_string(kPath));
-  grpc_mdelem fake_path_md =
-      grpc_mdelem_from_slices(GRPC_MDSTR_PATH, fake_path);
-  grpc_linked_mdelem storage;
-  storage.md = fake_path_md;
-  ASSERT_EQ(grpc_metadata_batch_link_head(&metadata, &storage, GRPC_BATCH_PATH),
-            GRPC_ERROR_NONE);
-  grpc_slice fake_host =
-      grpc_slice_intern(grpc_slice_from_static_string(kHost));
-  grpc_mdelem fake_host_md =
-      grpc_mdelem_from_slices(GRPC_MDSTR_HOST, fake_host);
-  grpc_linked_mdelem storage2;
-  storage2.md = fake_host_md;
-  ASSERT_EQ(
-      grpc_metadata_batch_link_tail(&metadata, &storage2, GRPC_BATCH_HOST),
-      GRPC_ERROR_NONE);
-  EvaluateArgs eval_args(&metadata, nullptr, nullptr);
-  EXPECT_THAT(
-      eval_args.GetHeaders(),
-      ::testing::UnorderedElementsAre(
-          ::testing::Pair(StringViewFromSlice(GRPC_MDSTR_HOST), kHost),
-          ::testing::Pair(StringViewFromSlice(GRPC_MDSTR_PATH), kPath)));
-  grpc_metadata_batch_destroy(&metadata);
-  grpc_shutdown();
+TEST_F(EvaluateArgsTest, TestIpv6PeerAddressAndPort) {
+  util_.SetPeerEndpoint("ipv6:[2001:db8::1]:654");
+  EvaluateArgs args = util_.MakeEvaluateArgs();
+  EXPECT_EQ(args.GetPeerAddress(), "2001:db8::1");
+  EXPECT_EQ(args.GetPeerPort(), 654);
 }

-TEST(EvaluateArgsMetadataTest, GetHeaderValueSuccess) {
-  grpc_init();
-  const char* kKey = "some_key";
-  const char* kValue = "some_value";
-  grpc_metadata_batch metadata;
-  grpc_metadata_batch_init(&metadata);
-  grpc_linked_mdelem storage;
-  storage.md = grpc_mdelem_from_slices(
-      grpc_slice_intern(grpc_slice_from_static_string(kKey)),
-      grpc_slice_intern(grpc_slice_from_static_string(kValue)));
-  ASSERT_EQ(grpc_metadata_batch_link_head(&metadata, &storage),
-            GRPC_ERROR_NONE);
-  EvaluateArgs eval_args(&metadata, nullptr, nullptr);
-  std::string concatenated_value;
-  absl::optional<absl::string_view> value =
-      eval_args.GetHeaderValue(kKey, &concatenated_value);
-  ASSERT_TRUE(value.has_value());
-  EXPECT_EQ(value.value(), kValue);
-  grpc_metadata_batch_destroy(&metadata);
-  grpc_shutdown();
+TEST_F(EvaluateArgsTest, EmptyAuthContext) {
+  EvaluateArgs args = util_.MakeEvaluateArgs();
+  EXPECT_TRUE(args.GetTransportSecurityType().empty());
+  EXPECT_TRUE(args.GetSpiffeId().empty());
+  EXPECT_TRUE(args.GetCommonName().empty());
 }

-TEST(EvaluateArgsAuthContextTest, HandlesNullAuthContext) {
-  EvaluateArgs eval_args(nullptr, nullptr, nullptr);
-  EXPECT_EQ(eval_args.GetSpiffeId(), nullptr);
-  EXPECT_EQ(eval_args.GetCertServerName(), nullptr);
+TEST_F(EvaluateArgsTest, GetTransportSecurityTypeSuccessOneProperty) {
+  util_.AddPropertyToAuthContext(GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME,
+                                 "ssl");
+  EvaluateArgs args = util_.MakeEvaluateArgs();
+  EXPECT_EQ(args.GetTransportSecurityType(), "ssl");
 }

-TEST(EvaluateArgsAuthContextTest, HandlesEmptyAuthCtx) {
-  grpc_auth_context auth_context(nullptr);
-  EvaluateArgs eval_args(nullptr, &auth_context, nullptr);
-  EXPECT_EQ(eval_args.GetSpiffeId(), nullptr);
-  EXPECT_EQ(eval_args.GetCertServerName(), nullptr);
+TEST_F(EvaluateArgsTest, GetTransportSecurityTypeFailDuplicateProperty) {
+  util_.AddPropertyToAuthContext(GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME,
+                                 "type1");
+  util_.AddPropertyToAuthContext(GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME,
+                                 "type2");
+  EvaluateArgs args = util_.MakeEvaluateArgs();
+  EXPECT_TRUE(args.GetTransportSecurityType().empty());
 }

-TEST(EvaluateArgsAuthContextTest, GetSpiffeIdSuccessOneProperty) {
-  grpc_auth_context auth_context(nullptr);
-  const char* kId = "spiffeid";
-  auth_context.add_cstring_property(GRPC_PEER_SPIFFE_ID_PROPERTY_NAME, kId);
-  EvaluateArgs eval_args(nullptr, &auth_context, nullptr);
-  EXPECT_EQ(eval_args.GetSpiffeId(), kId);
+TEST_F(EvaluateArgsTest, GetSpiffeIdSuccessOneProperty) {
+  util_.AddPropertyToAuthContext(GRPC_PEER_SPIFFE_ID_PROPERTY_NAME, "id123");
+  EvaluateArgs args = util_.MakeEvaluateArgs();
+  EXPECT_EQ(args.GetSpiffeId(), "id123");
 }

-TEST(EvaluateArgsAuthContextTest, GetSpiffeIdFailDuplicateProperty) {
-  grpc_auth_context auth_context(nullptr);
-  auth_context.add_cstring_property(GRPC_PEER_SPIFFE_ID_PROPERTY_NAME, "id1");
-  auth_context.add_cstring_property(GRPC_PEER_SPIFFE_ID_PROPERTY_NAME, "id2");
-  EvaluateArgs eval_args(nullptr, &auth_context, nullptr);
-  EXPECT_EQ(eval_args.GetSpiffeId(), nullptr);
+TEST_F(EvaluateArgsTest, GetSpiffeIdFailDuplicateProperty) {
+  util_.AddPropertyToAuthContext(GRPC_PEER_SPIFFE_ID_PROPERTY_NAME, "id123");
+  util_.AddPropertyToAuthContext(GRPC_PEER_SPIFFE_ID_PROPERTY_NAME, "id456");
+  EvaluateArgs args = util_.MakeEvaluateArgs();
+  EXPECT_TRUE(args.GetSpiffeId().empty());
 }

-TEST(EvaluateArgsAuthContextTest, GetCertServerNameSuccessOneProperty) {
-  grpc_auth_context auth_context(nullptr);
-  const char* kServer = "server";
-  auth_context.add_cstring_property(GRPC_X509_CN_PROPERTY_NAME, kServer);
-  EvaluateArgs eval_args(nullptr, &auth_context, nullptr);
-  EXPECT_EQ(eval_args.GetCertServerName(), kServer);
+TEST_F(EvaluateArgsTest, GetCommonNameSuccessOneProperty) {
+  util_.AddPropertyToAuthContext(GRPC_X509_CN_PROPERTY_NAME, "server123");
+  EvaluateArgs args = util_.MakeEvaluateArgs();
+  EXPECT_EQ(args.GetCommonName(), "server123");
 }

-TEST(EvaluateArgsAuthContextTest, GetCertServerNameFailDuplicateProperty) {
-  grpc_auth_context auth_context(nullptr);
-  auth_context.add_cstring_property(GRPC_X509_CN_PROPERTY_NAME, "server1");
-  auth_context.add_cstring_property(GRPC_X509_CN_PROPERTY_NAME, "server2");
-  EvaluateArgs eval_args(nullptr, &auth_context, nullptr);
-  EXPECT_EQ(eval_args.GetCertServerName(), nullptr);
+TEST_F(EvaluateArgsTest, GetCommonNameFailDuplicateProperty) {
+  util_.AddPropertyToAuthContext(GRPC_X509_CN_PROPERTY_NAME, "server123");
+  util_.AddPropertyToAuthContext(GRPC_X509_CN_PROPERTY_NAME, "server456");
+  EvaluateArgs args = util_.MakeEvaluateArgs();
+  EXPECT_TRUE(args.GetCommonName().empty());
 }

 }  // namespace grpc_core
@ -245,5 +157,8 @@ TEST(EvaluateArgsAuthContextTest, GetCertServerNameFailDuplicateProperty) {
 int main(int argc, char** argv) {
  grpc::testing::TestEnvironment env(argc, argv);
  ::testing::InitGoogleTest(&argc, argv);
-  return RUN_ALL_TESTS();
+  grpc_init();
+  int ret = RUN_ALL_TESTS();
+  grpc_shutdown();
+  return ret;
 }
--- a/test/core/util/BUILD
+++ b/test/core/util/BUILD
@ -25,7 +25,6 @@ grpc_cc_library(
    name = "grpc_test_util_base",
    srcs = [
        "cmdline.cc",
-        "eval_args_mock_endpoint.cc",
        "fuzzer_util.cc",
        "grpc_profiler.cc",
        "histogram.cc",
@ -48,11 +47,12 @@ grpc_cc_library(
    ],
    hdrs = [
        "cmdline.h",
-        "eval_args_mock_endpoint.h",
+        "evaluate_args_test_util.h",
        "fuzzer_util.h",
        "grpc_profiler.h",
        "histogram.h",
        "memory_counters.h",
+        "mock_authorization_endpoint.h",
        "mock_endpoint.h",
        "parse_hexstring.h",
        "passthru_endpoint.h",
--- a/test/core/util/eval_args_mock_endpoint.cc
+++ b/test/core/util/eval_args_mock_endpoint.cc
@ -1,119 +0,0 @@
-// Copyright 2020 gRPC authors.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#include <grpc/support/port_platform.h>
-
-#include "test/core/util/eval_args_mock_endpoint.h"
-
-#include <inttypes.h>
-
-#include <string>
-
-#include "absl/strings/str_format.h"
-
-#include <grpc/support/alloc.h>
-#include <grpc/support/string_util.h>
-#include "src/core/lib/iomgr/sockaddr.h"
-#include "src/core/lib/iomgr/sockaddr_utils.h"
-
-namespace grpc_core {
-
-class EvalArgsMockEndpoint {
- public:
-  EvalArgsMockEndpoint(absl::string_view local_uri, absl::string_view peer_uri)
-      : local_address_(local_uri), peer_(peer_uri) {
-    base_.vtable = &vtable_;
-  }
-  grpc_endpoint* base() const { return const_cast<grpc_endpoint*>(&base_); }
-  static void Read(grpc_endpoint* /*ep*/, grpc_slice_buffer* /*slices*/,
-                   grpc_closure* /*cb*/, bool /*unused*/) {}
-  static void Write(grpc_endpoint* /*ep*/, grpc_slice_buffer* /*slices*/,
-                    grpc_closure* /*cb*/, void* /*unused*/) {}
-  static void AddToPollset(grpc_endpoint* /*ep*/, grpc_pollset* /*unused*/) {}
-  static void AddToPollsetSet(grpc_endpoint* /*ep*/,
-                              grpc_pollset_set* /*unused*/) {}
-  static void DeleteFromPollsetSet(grpc_endpoint* /*ep*/,
-                                   grpc_pollset_set* /*unused*/) {}
-  static void Shutdown(grpc_endpoint* /*ep*/, grpc_error* /*why*/) {}
-  static void Destroy(grpc_endpoint* ep) {
-    EvalArgsMockEndpoint* m = reinterpret_cast<EvalArgsMockEndpoint*>(ep);
-    delete m;
-  }
-
-  static absl::string_view GetPeer(grpc_endpoint* ep) {
-    EvalArgsMockEndpoint* m = reinterpret_cast<EvalArgsMockEndpoint*>(ep);
-    return m->peer_;
-  }
-
-  static absl::string_view GetLocalAddress(grpc_endpoint* ep) {
-    EvalArgsMockEndpoint* m = reinterpret_cast<EvalArgsMockEndpoint*>(ep);
-    return m->local_address_;
-  }
-
-  static grpc_resource_user* GetResourceUser(grpc_endpoint* /*ep*/) {
-    return nullptr;
-  }
-
-  static int GetFd(grpc_endpoint* /*unused*/) { return -1; }
-  static bool CanTrackErr(grpc_endpoint* /*unused*/) { return false; }
-
- private:
-  static constexpr grpc_endpoint_vtable vtable_ = {
-      EvalArgsMockEndpoint::Read,
-      EvalArgsMockEndpoint::Write,
-      EvalArgsMockEndpoint::AddToPollset,
-      EvalArgsMockEndpoint::AddToPollsetSet,
-      EvalArgsMockEndpoint::DeleteFromPollsetSet,
-      EvalArgsMockEndpoint::Shutdown,
-      EvalArgsMockEndpoint::Destroy,
-      EvalArgsMockEndpoint::GetResourceUser,
-      EvalArgsMockEndpoint::GetPeer,
-      EvalArgsMockEndpoint::GetLocalAddress,
-      EvalArgsMockEndpoint::GetFd,
-      EvalArgsMockEndpoint::CanTrackErr};
-  grpc_endpoint base_;
-  std::string local_address_;
-  std::string peer_;
-};
-
-constexpr grpc_endpoint_vtable EvalArgsMockEndpoint::vtable_;
-
-namespace {
-
-std::string NameAndPortToURI(const char* addr, const int port) {
-  grpc_sockaddr_in address;
-  memset(&address, 0, sizeof(address));
-  address.sin_family = AF_INET;
-  address.sin_port = htons(port);
-  inet_pton(AF_INET, addr, &address.sin_addr);
-  grpc_resolved_address resolved;
-  memset(&resolved, 0, sizeof(resolved));
-  memcpy(resolved.addr, &address, sizeof(address));
-  resolved.len = sizeof(address);
-  return grpc_sockaddr_to_uri(&resolved);
-}
-
-}  // namespace
-
-grpc_endpoint* CreateEvalArgsMockEndpoint(const char* local_address,
-                                          const int local_port,
-                                          const char* peer_address,
-                                          const int peer_port) {
-  EvalArgsMockEndpoint* m =
-      new EvalArgsMockEndpoint(NameAndPortToURI(local_address, local_port),
-                               NameAndPortToURI(peer_address, peer_port));
-  return m->base();
-}
-
-}  // namespace grpc_core
--- a/test/core/util/eval_args_mock_endpoint.h
+++ b/test/core/util/eval_args_mock_endpoint.h
@ -1,31 +0,0 @@
-// Copyright 2020 gRPC authors.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#ifndef GRPC_TEST_CORE_UTIL_EVAL_ARGS_MOCK_ENDPOINT_H
-#define GRPC_TEST_CORE_UTIL_EVAL_ARGS_MOCK_ENDPOINT_H
-
-#include <grpc/support/port_platform.h>
-
-#include "src/core/lib/iomgr/endpoint.h"
-
-namespace grpc_core {
-
-grpc_endpoint* CreateEvalArgsMockEndpoint(const char* local_address,
-                                          const int local_port,
-                                          const char* peer_address,
-                                          const int peer_port);
-
-}  // namespace grpc_core
-
-#endif  // GRPC_TEST_CORE_UTIL_EVAL_ARGS_MOCK_ENDPOINT_H
--- a/test/core/util/evaluate_args_test_util.h
+++ b/test/core/util/evaluate_args_test_util.h
@ -0,0 +1,79 @@
+// Copyright 2021 gRPC authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef GRPC_TEST_CORE_UTIL_EVALUATE_ARGS_TEST_UTIL_H
+#define GRPC_TEST_CORE_UTIL_EVALUATE_ARGS_TEST_UTIL_H
+
+#include <grpc/support/port_platform.h>
+
+#include <list>
+
+#include <gtest/gtest.h>
+
+#include "src/core/lib/security/authorization/evaluate_args.h"
+#include "src/core/lib/security/context/security_context.h"
+#include "src/core/lib/transport/metadata_batch.h"
+#include "test/core/util/mock_authorization_endpoint.h"
+
+namespace grpc_core {
+
+class EvaluateArgsTestUtil {
+ public:
+  EvaluateArgsTestUtil() { grpc_metadata_batch_init(&metadata_); }
+
+  ~EvaluateArgsTestUtil() {
+    grpc_metadata_batch_destroy(&metadata_);
+    delete channel_args_;
+  }
+
+  void AddPairToMetadata(const char* key, const char* value) {
+    metadata_storage_.emplace_back();
+    auto& storage = metadata_storage_.back();
+    ASSERT_EQ(grpc_metadata_batch_add_tail(
+                  &metadata_, &storage,
+                  grpc_mdelem_from_slices(
+                      grpc_slice_intern(grpc_slice_from_static_string(key)),
+                      grpc_slice_intern(grpc_slice_from_static_string(value)))),
+              GRPC_ERROR_NONE);
+  }
+
+  void SetLocalEndpoint(absl::string_view local_uri) {
+    endpoint_.SetLocalAddress(local_uri);
+  }
+
+  void SetPeerEndpoint(absl::string_view peer_uri) {
+    endpoint_.SetPeer(peer_uri);
+  }
+
+  void AddPropertyToAuthContext(const char* name, const char* value) {
+    auth_context_.add_cstring_property(name, value);
+  }
+
+  EvaluateArgs MakeEvaluateArgs() {
+    channel_args_ =
+        new EvaluateArgs::PerChannelArgs(&auth_context_, &endpoint_);
+    return EvaluateArgs(&metadata_, channel_args_);
+  }
+
+ private:
+  std::list<grpc_linked_mdelem> metadata_storage_;
+  grpc_metadata_batch metadata_;
+  MockAuthorizationEndpoint endpoint_{/*local_uri=*/"", /*peer_uri=*/""};
+  grpc_auth_context auth_context_{nullptr};
+  EvaluateArgs::PerChannelArgs* channel_args_ = nullptr;
+};
+
+}  // namespace grpc_core
+
+#endif  // GRPC_TEST_CORE_UTIL_EVALUATE_ARGS_TEST_UTIL_H
--- a/test/core/util/mock_authorization_endpoint.h
+++ b/test/core/util/mock_authorization_endpoint.h
@ -0,0 +1,62 @@
+// Copyright 2021 gRPC authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef GRPC_TEST_CORE_UTIL_MOCK_AUTHORIZATION_ENDPOINT_H
+#define GRPC_TEST_CORE_UTIL_MOCK_AUTHORIZATION_ENDPOINT_H
+
+#include <grpc/support/port_platform.h>
+
+#include "src/core/lib/iomgr/endpoint.h"
+
+namespace grpc_core {
+
+class MockAuthorizationEndpoint : public grpc_endpoint {
+ public:
+  MockAuthorizationEndpoint(absl::string_view local_uri,
+                            absl::string_view peer_uri)
+      : local_address_(local_uri), peer_address_(peer_uri) {
+    static constexpr grpc_endpoint_vtable vtable = {
+        nullptr, nullptr, nullptr, nullptr,         nullptr, nullptr,
+        nullptr, nullptr, GetPeer, GetLocalAddress, nullptr, nullptr};
+    grpc_endpoint::vtable = &vtable;
+  }
+
+  static absl::string_view GetPeer(grpc_endpoint* ep) {
+    MockAuthorizationEndpoint* m =
+        reinterpret_cast<MockAuthorizationEndpoint*>(ep);
+    return m->peer_address_;
+  }
+
+  static absl::string_view GetLocalAddress(grpc_endpoint* ep) {
+    MockAuthorizationEndpoint* m =
+        reinterpret_cast<MockAuthorizationEndpoint*>(ep);
+    return m->local_address_;
+  }
+
+  void SetPeer(absl::string_view peer_address) {
+    peer_address_ = std::string(peer_address);
+  }
+
+  void SetLocalAddress(absl::string_view local_address) {
+    local_address_ = std::string(local_address);
+  }
+
+ private:
+  std::string local_address_;
+  std::string peer_address_;
+};
+
+}  // namespace grpc_core
+
+#endif  // GRPC_TEST_CORE_UTIL_MOCK_AUTHORIZATION_ENDPOINT_H