author | Yihua Zhang <yihuaz@google.com> | 2018-03-06 21:40:45 -0800 |
---|---|---|
committer | Yihua Zhang <yihuaz@google.com> | 2018-03-06 21:40:45 -0800 |
commit | eaf64866777a42996835606e9c3626c974e728c5 (patch) | |
tree | 04c693051ba14d798554543123e9b7001d1a3e83 /test/core/security | |
parent | 14b470ac8f59ab1dc88c53335efa84f4849f3fa9 (diff) |
Add ALTS code to grpc/core
Diffstat (limited to 'test/core/security')
-rw-r--r-- | test/core/security/BUILD | 36 | ||||
-rw-r--r-- | test/core/security/alts_security_connector_test.cc | 166 | ||||
-rw-r--r-- | test/core/security/check_gcp_environment_linux_test.cc | 83 | ||||
-rw-r--r-- | test/core/security/check_gcp_environment_windows_test.cc | 71 | ||||
-rw-r--r-- | test/core/security/grpc_alts_credentials_options_test.cc | 118 |
5 files changed, 474 insertions, 0 deletions
diff --git a/test/core/security/BUILD b/test/core/security/BUILD
index 9776e6d5fd..68de2d169f 100644
--- a/test/core/security/BUILD
+++ b/test/core/security/BUILD
@@ -161,3 +161,39 @@ grpc_cc_binary(
 "//test/core/util:grpc_test_util",
 ],
 )
+
+grpc_cc_test(
+ name = "check_gcp_environment_linux_test",
+ srcs = ["check_gcp_environment_linux_test.cc"],
+ language = "C++",
+ deps = [
+ "//:grpc",
+ ],
+)
+
+grpc_cc_test(
+ name = "check_gcp_environment_windows_test",
+ srcs = ["check_gcp_environment_windows_test.cc"],
+ language = "C++",
+ deps = [
+ "//:grpc",
+ ],
+)
+
+grpc_cc_test(
+ name = "grpc_alts_credentials_options_test",
+ srcs = ["grpc_alts_credentials_options_test.cc"],
+ language = "C++",
+ deps = [
+ "//:grpc",
+ ],
+)
+
+grpc_cc_test(
+ name = "alts_security_connector_test",
+ srcs = ["alts_security_connector_test.cc"],
+ language = "C++",
+ deps = [
+ "//:grpc",
+ ],
+)
diff --git a/test/core/security/alts_security_connector_test.cc b/test/core/security/alts_security_connector_test.cc
new file mode 100644
index 0000000000..103a493526
--- /dev/null
+++ b/test/core/security/alts_security_connector_test.cc
@@ -0,0 +1,166 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <grpc/grpc.h>
+#include <grpc/support/alloc.h>
+#include <grpc/support/log.h>
+
+#include "src/core/lib/security/security_connector/alts_security_connector.h"
+#include "src/core/lib/transport/transport.h"
+#include "src/core/tsi/alts/handshaker/alts_tsi_handshaker.h"
+#include "src/core/tsi/transport_security.h"
+
+using grpc_core::internal::grpc_alts_auth_context_from_tsi_peer;
+
+/* This file contains unit tests of grpc_alts_auth_context_from_tsi_peer(). */
+static void test_invalid_input_failure() {
+ tsi_peer peer;
+ grpc_auth_context* ctx;
+ GPR_ASSERT(grpc_alts_auth_context_from_tsi_peer(nullptr, &ctx) ==
+ GRPC_SECURITY_ERROR);
+ GPR_ASSERT(grpc_alts_auth_context_from_tsi_peer(&peer, nullptr) ==
+ GRPC_SECURITY_ERROR);
+}
+
+static void test_empty_certificate_type_failure() {
+ tsi_peer peer;
+ grpc_auth_context* ctx = nullptr;
+ GPR_ASSERT(tsi_construct_peer(0, &peer) == TSI_OK);
+ GPR_ASSERT(grpc_alts_auth_context_from_tsi_peer(&peer, &ctx) ==
+ GRPC_SECURITY_ERROR);
+ GPR_ASSERT(ctx == nullptr);
+ tsi_peer_destruct(&peer);
+}
+
+static void test_empty_peer_property_failure() {
+ tsi_peer peer;
+ grpc_auth_context* ctx;
+ GPR_ASSERT(tsi_construct_peer(1, &peer) == TSI_OK);
+ GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
+ TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_ALTS_CERTIFICATE_TYPE,
+ &peer.properties[0]) == TSI_OK);
+ GPR_ASSERT(grpc_alts_auth_context_from_tsi_peer(&peer, &ctx) ==
+ GRPC_SECURITY_ERROR);
+ GPR_ASSERT(ctx == nullptr);
+ tsi_peer_destruct(&peer);
+}
+
+static void test_missing_rpc_protocol_versions_property_failure() {
+ tsi_peer peer;
+ grpc_auth_context* ctx;
+ GPR_ASSERT(tsi_construct_peer(kTsiAltsNumOfPeerProperties, &peer) == TSI_OK);
+ GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
+ TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_ALTS_CERTIFICATE_TYPE,
+ &peer.properties[0]) == TSI_OK);
+ GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
+ TSI_ALTS_SERVICE_ACCOUNT_PEER_PROPERTY, "alice",
+ &peer.properties[1]) == TSI_OK);
+ GPR_ASSERT(grpc_alts_auth_context_from_tsi_peer(&peer, &ctx) ==
+ GRPC_SECURITY_ERROR);
+ GPR_ASSERT(ctx == nullptr);
+ tsi_peer_destruct(&peer);
+}
+
+static void test_unknown_peer_property_failure() {
+ tsi_peer peer;
+ grpc_auth_context* ctx;
+ GPR_ASSERT(tsi_construct_peer(kTsiAltsNumOfPeerProperties, &peer) == TSI_OK);
+ GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
+ TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_ALTS_CERTIFICATE_TYPE,
+ &peer.properties[0]) == TSI_OK);
+ GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
+ "unknown", "alice", &peer.properties[1]) == TSI_OK);
+ GPR_ASSERT(grpc_alts_auth_context_from_tsi_peer(&peer, &ctx) ==
+ GRPC_SECURITY_ERROR);
+ GPR_ASSERT(ctx == nullptr);
+ tsi_peer_destruct(&peer);
+}
+
+static bool test_identity(const grpc_auth_context* ctx,
+ const char* expected_property_name,
+ const char* expected_identity) {
+ grpc_auth_property_iterator it;
+ const grpc_auth_property* prop;
+ GPR_ASSERT(grpc_auth_context_peer_is_authenticated(ctx));
+ it = grpc_auth_context_peer_identity(ctx);
+ prop = grpc_auth_property_iterator_next(&it);
+ GPR_ASSERT(prop != nullptr);
+ if (strcmp(prop->name, expected_property_name) != 0) {
+ gpr_log(GPR_ERROR, "Expected peer identity property name %s and got %s.",
+ expected_property_name, prop->name);
+ return false;
+ }
+ if (strncmp(prop->value, expected_identity, prop->value_length) != 0) {
+ gpr_log(GPR_ERROR, "Expected peer identity %s and got got %s.",
+ expected_identity, prop->value);
+ return false;
+ }
+ return true;
+}
+
+static void test_alts_peer_to_auth_context_success() {
+ tsi_peer peer;
+ grpc_auth_context* ctx;
+ GPR_ASSERT(tsi_construct_peer(kTsiAltsNumOfPeerProperties, &peer) == TSI_OK);
+ GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
+ TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_ALTS_CERTIFICATE_TYPE,
+ &peer.properties[0]) == TSI_OK);
+ GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
+ TSI_ALTS_SERVICE_ACCOUNT_PEER_PROPERTY, "alice",
+ &peer.properties[1]) == TSI_OK);
+ grpc_gcp_rpc_protocol_versions peer_versions;
+ grpc_gcp_rpc_protocol_versions_set_max(&peer_versions,
+ GRPC_PROTOCOL_VERSION_MAX_MAJOR,
+ GRPC_PROTOCOL_VERSION_MAX_MINOR);
+ grpc_gcp_rpc_protocol_versions_set_min(&peer_versions,
+ GRPC_PROTOCOL_VERSION_MIN_MAJOR,
+ GRPC_PROTOCOL_VERSION_MIN_MINOR);
+ grpc_slice serialized_peer_versions;
+ GPR_ASSERT(grpc_gcp_rpc_protocol_versions_encode(&peer_versions,
+ &serialized_peer_versions));
+
+ GPR_ASSERT(tsi_construct_string_peer_property(
+ TSI_ALTS_RPC_VERSIONS,
+ reinterpret_cast<char*>(
+ GRPC_SLICE_START_PTR(serialized_peer_versions)),
+ GRPC_SLICE_LENGTH(serialized_peer_versions),
+ &peer.properties[2]) == TSI_OK);
+ GPR_ASSERT(grpc_alts_auth_context_from_tsi_peer(&peer, &ctx) ==
+ GRPC_SECURITY_OK);
+ GPR_ASSERT(
+ test_identity(ctx, TSI_ALTS_SERVICE_ACCOUNT_PEER_PROPERTY, "alice"));
+ GRPC_AUTH_CONTEXT_UNREF(ctx, "test");
+ grpc_slice_unref(serialized_peer_versions);
+ tsi_peer_destruct(&peer);
+}
+
+int main(int argc, char** argv) {
+ /* Test. */
+ test_invalid_input_failure();
+ test_empty_certificate_type_failure();
+ test_empty_peer_property_failure();
+ test_unknown_peer_property_failure();
+ test_missing_rpc_protocol_versions_property_failure();
+ test_alts_peer_to_auth_context_success();
+
+ return 0;
+}
diff --git a/test/core/security/check_gcp_environment_linux_test.cc b/test/core/security/check_gcp_environment_linux_test.cc
new file mode 100644
index 0000000000..6c436a3945
--- /dev/null
+++ b/test/core/security/check_gcp_environment_linux_test.cc
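Review bot: In `test_identity` of alts_security_connector_test.cc, `strncmp(prop->value, expected_identity, prop->value_length)` compares only the first `value_length` bytes, so a peer identity that is a prefix of the expected one, or an empty value, passes the check. For a test that pins which identity lands in the auth context, require equal lengths as well, e.g. `if (prop->value_length != strlen(expected_identity) || memcmp(prop->value, expected_identity, prop->value_length) != 0) {`. Separately, `test_empty_peer_property_failure`, `test_missing_rpc_protocol_versions_property_failure` and `test_unknown_peer_property_failure` declare `grpc_auth_context* ctx;` without an initializer and then assert `ctx == nullptr`; unless the callee always writes the out-parameter on failure this reads an indeterminate pointer, so initialise it as `test_empty_certificate_type_failure` does. The error message in the same helper has a doubled word (`got got`).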
@@ -0,0 +1,83 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include "src/core/lib/security/credentials/alts/check_gcp_environment.h"
+
+#if GPR_LINUX
+
+#include <stdio.h>
+#include <string.h>
+
+#include <grpc/support/alloc.h>
+#include <grpc/support/log.h>
+
+#include "src/core/lib/gpr/tmpfile.h"
+
+static bool check_bios_data_linux_test(const char* data) {
+ /* Create a file with contents data. */
+ char* filename = nullptr;
+ FILE* fp = gpr_tmpfile("check_gcp_environment_test", &filename);
+ GPR_ASSERT(filename != nullptr);
+ GPR_ASSERT(fp != nullptr);
+ GPR_ASSERT(fwrite(data, 1, strlen(data), fp) == strlen(data));
+ fclose(fp);
+ bool result = grpc_core::internal::check_bios_data(
+ reinterpret_cast<const char*>(filename));
+ /* Cleanup. */
+ remove(filename);
+ gpr_free(filename);
+ return result;
+}
+
+static void test_gcp_environment_check_success() {
+ /* Exact match. */
+ GPR_ASSERT(check_bios_data_linux_test("Google"));
+ GPR_ASSERT(check_bios_data_linux_test("Google Compute Engine"));
+ /* With leading and trailing whitespaces. */
+ GPR_ASSERT(check_bios_data_linux_test(" Google "));
+ GPR_ASSERT(check_bios_data_linux_test("Google "));
+ GPR_ASSERT(check_bios_data_linux_test(" Google"));
+ GPR_ASSERT(check_bios_data_linux_test(" Google Compute Engine "));
+ GPR_ASSERT(check_bios_data_linux_test("Google Compute Engine "));
+ GPR_ASSERT(check_bios_data_linux_test(" Google Compute Engine"));
+ /* With leading and trailing \t and \n. */
+ GPR_ASSERT(check_bios_data_linux_test("\t\tGoogle Compute Engine\t"));
+ GPR_ASSERT(check_bios_data_linux_test("Google Compute Engine\n"));
+ GPR_ASSERT(check_bios_data_linux_test("\n\n\tGoogle Compute Engine \n\t\t"));
+}
+
+static void test_gcp_environment_check_failure() {
+ GPR_ASSERT(!check_bios_data_linux_test("non_existing-file"));
+ GPR_ASSERT(!check_bios_data_linux_test("Google-Chrome"));
+ GPR_ASSERT(!check_bios_data_linux_test("Amazon"));
+ GPR_ASSERT(!check_bios_data_linux_test("Google-Chrome\t\t"));
+ GPR_ASSERT(!check_bios_data_linux_test("Amazon"));
+}
+
+int main(int argc, char** argv) {
+ /* Tests. */
+ test_gcp_environment_check_success();
+ test_gcp_environment_check_failure();
+ return 0;
+}
+
+#else // GPR_LINUX
+
+int main(int argc, char** argv) { return 0; }
+
+#endif // GPR_LINUX
diff --git a/test/core/security/check_gcp_environment_windows_test.cc b/test/core/security/check_gcp_environment_windows_test.cc
new file mode 100644
index 0000000000..46179b747d
--- /dev/null
+++ b/test/core/security/check_gcp_environment_windows_test.cc
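Review bot: The `"non_existing-file"` case in `test_gcp_environment_check_failure` of check_gcp_environment_linux_test.cc does not test a missing file: `check_bios_data_linux_test` writes its argument into a temp file as contents, so this is just another non-matching string and the open-failure path of `check_bios_data` is never exercised. If that path is meant to be covered, call `grpc_core::internal::check_bios_data` on the temp path after `remove(filename)` and assert that it returns false. The helper also ignores the result of `fclose(fp)`, so a failed flush would let the negative cases pass for the wrong reason; `GPR_ASSERT(fclose(fp) == 0);` closes that gap, and the identical helper in check_gcp_environment_windows_test.cc needs the same change. The `"Amazon"` assertion appears twice.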
@@ -0,0 +1,71 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include "src/core/lib/security/credentials/alts/check_gcp_environment.h"
+
+#ifdef GPR_WINDOWS
+
+#include <stdio.h>
+#include <string.h>
+
+#include <grpc/support/alloc.h>
+#include <grpc/support/log.h>
+#include "src/core/lib/gpr/tmpfile.h"
+
+static bool check_bios_data_windows_test(const char* data) {
+ /* Create a file with contents data. */
+ char* filename = nullptr;
+ FILE* fp = gpr_tmpfile("check_gcp_environment_test", &filename);
+ GPR_ASSERT(filename != nullptr);
+ GPR_ASSERT(fp != nullptr);
+ GPR_ASSERT(fwrite(data, 1, strlen(data), fp) == strlen(data));
+ fclose(fp);
+ bool result = grpc_core::internal::check_bios_data(
+ reinterpret_cast<const char*>(filename));
+ /* Cleanup. */
+ remove(filename);
+ gpr_free(filename);
+ return result;
+}
+
+static void test_gcp_environment_check_success() {
+ GPR_ASSERT(check_bios_data_windows_test("Google"));
+ GPR_ASSERT(check_bios_data_windows_test("Google\n"));
+ GPR_ASSERT(check_bios_data_windows_test("Google\r"));
+ GPR_ASSERT(check_bios_data_windows_test("Google\r\n"));
+ GPR_ASSERT(check_bios_data_windows_test(" Google \r\n"));
+ GPR_ASSERT(check_bios_data_windows_test(" \t\t Google\r\n"));
+ GPR_ASSERT(check_bios_data_windows_test(" \t\t Google\t\t \r\n"));
+}
+
+static void test_gcp_environment_check_failure() {
+ GPR_ASSERT(!check_bios_data_windows_test("\t\tAmazon\n"));
+ GPR_ASSERT(!check_bios_data_windows_test(" Amazon\r\n"));
+}
+
+int main(int argc, char** argv) {
+ /* Tests. */
+ test_gcp_environment_check_success();
+ test_gcp_environment_check_failure();
+ return 0;
+}
+#else // GPR_WINDOWS
+
+int main(int argc, char** argv) { return 0; }
+
+#endif // GPR_WINDOWS
diff --git a/test/core/security/grpc_alts_credentials_options_test.cc b/test/core/security/grpc_alts_credentials_options_test.cc
new file mode 100644
index 0000000000..1217065507
--- /dev/null
+++ b/test/core/security/grpc_alts_credentials_options_test.cc
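Review bot: `test_gcp_environment_check_failure` in check_gcp_environment_windows_test.cc covers only `Amazon`, so nothing pins how `check_bios_data` treats input that merely starts with the accepted string, or an empty file. The result appears to decide whether the host is treated as a GCP environment, which makes the near-miss negatives the cases most worth locking down. If the match is meant to be exact after trimming, add `GPR_ASSERT(!check_bios_data_windows_test("Google-Chrome\r\n"));` as the Linux test does, plus a case with empty contents.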
@@ -0,0 +1,118 @@
+/*
+ *
+ * Copyright 2018 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <grpc/grpc.h>
+#include <grpc/support/log.h>
+
+#include "src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h"
+
+#define ALTS_CLIENT_OPTIONS_TEST_TARGET_SERVICE_ACCOUNT_1 "abc@google.com"
+#define ALTS_CLIENT_OPTIONS_TEST_TARGET_SERVICE_ACCOUNT_2 "def@google.com"
+
+const size_t kTargetServiceAccountNum = 2;
+
+static void test_add_target_service_account_failure() {
+ /* Initialization. */
+ grpc_alts_credentials_options* options =
+ grpc_alts_credentials_client_options_create();
+ auto client_options =
+ reinterpret_cast<grpc_alts_credentials_client_options*>(options);
+
+ /* Test. */
+ GPR_ASSERT(!grpc_alts_credentials_client_options_add_target_service_account(
+ client_options, nullptr));
+ GPR_ASSERT(!grpc_alts_credentials_client_options_add_target_service_account(
+ nullptr, ALTS_CLIENT_OPTIONS_TEST_TARGET_SERVICE_ACCOUNT_1));
+
+ /* Cleanup. */
+ grpc_alts_credentials_options_destroy(options);
+}
+
+static void test_copy_client_options_failure() {
+ /* Initialization. */
+ grpc_alts_credentials_options* options =
+ grpc_alts_credentials_client_options_create();
+
+ /* Test. */
+ GPR_ASSERT(grpc_alts_credentials_options_copy(nullptr) == nullptr);
+
+ /* Cleanup. */
+ grpc_alts_credentials_options_destroy(options);
+}
+
+static size_t get_target_service_account_num(
+ grpc_alts_credentials_client_options* options) {
+ size_t num = 0;
+ target_service_account* node = options->target_account_list_head;
+ while (node != nullptr) {
+ num++;
+ node = node->next;
+ }
+ return num;
+}
+
+static void test_client_options_api_success() {
+ /* Initialization. */
+ grpc_alts_credentials_options* options =
+ grpc_alts_credentials_client_options_create();
+ auto client_options =
+ reinterpret_cast<grpc_alts_credentials_client_options*>(options);
+
+ /* Set client options fields. */
+ grpc_alts_credentials_client_options_add_target_service_account(
+ client_options, ALTS_CLIENT_OPTIONS_TEST_TARGET_SERVICE_ACCOUNT_1);
+ grpc_alts_credentials_client_options_add_target_service_account(
+ client_options, ALTS_CLIENT_OPTIONS_TEST_TARGET_SERVICE_ACCOUNT_2);
+
+ /* Validate client option fields. */
+ GPR_ASSERT(get_target_service_account_num(client_options) ==
+ kTargetServiceAccountNum);
+ GPR_ASSERT(strcmp(client_options->target_account_list_head->data,
+ ALTS_CLIENT_OPTIONS_TEST_TARGET_SERVICE_ACCOUNT_2) == 0);
+ GPR_ASSERT(strcmp(client_options->target_account_list_head->next->data,
+ ALTS_CLIENT_OPTIONS_TEST_TARGET_SERVICE_ACCOUNT_1) == 0);
+
+ /* Perform a copy operation and validate its correctness. */
+ grpc_alts_credentials_options* new_options =
+ grpc_alts_credentials_options_copy(options);
+ auto new_client_options =
+ reinterpret_cast<grpc_alts_credentials_client_options*>(new_options);
+
+ GPR_ASSERT(get_target_service_account_num(new_client_options) ==
+ kTargetServiceAccountNum);
+ GPR_ASSERT(strcmp(new_client_options->target_account_list_head->data,
+ ALTS_CLIENT_OPTIONS_TEST_TARGET_SERVICE_ACCOUNT_2) == 0);
+ GPR_ASSERT(strcmp(new_client_options->target_account_list_head->next->data,
+ ALTS_CLIENT_OPTIONS_TEST_TARGET_SERVICE_ACCOUNT_1) == 0);
+
+ /* Cleanup.*/
+ grpc_alts_credentials_options_destroy(options);
+ grpc_alts_credentials_options_destroy(new_options);
+}
+
+int main(int argc, char** argv) {
+ /* Test. */
+ test_add_target_service_account_failure();
+ test_copy_client_options_failure();
+ test_client_options_api_success();
+ return 0;
+} |
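Review bot: In `test_client_options_api_success` the two `grpc_alts_credentials_client_options_add_target_service_account` calls discard their return value, although the failure test relies on that value being falsy on error; wrap them in `GPR_ASSERT(...)` so a failed add is reported at the call rather than by the later count check. The copy validation compares only string contents, so a shallow copy that shares list nodes with the original would pass it. Asserting `new_client_options->target_account_list_head != client_options->target_account_list_head` (and the same for the `data` pointers) would pin the deep copy that the two `grpc_alts_credentials_options_destroy` calls presumably depend on. `test_copy_client_options_failure` creates and destroys `options` without ever using it.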