authorGravatar jiangtaoli2016 <jiangtao@google.com>2018-03-23 11:28:48 -0700
committerGravatar jiangtaoli2016 <jiangtao@google.com>2018-03-23 11:28:48 -0700
commit144f5559dabd2bd646acba1426647123d31c2323 (patch)
tree1418b4a63820a9d40d82a51a6522fc770c1a27ce /test/core/tsi
parent90af9346de2e4e6f0d45b130ce0de3d08d075c3f (diff)
cache default SSL root cert store
Diffstat (limited to 'test/core/tsi')
-rw-r--r--test/core/tsi/ssl_transport_security_test.cc38
1 files changed, 35 insertions, 3 deletions
diff --git a/test/core/tsi/ssl_transport_security_test.cc b/test/core/tsi/ssl_transport_security_test.cc
index 0878c57931..88f1abc18c 100644
--- a/test/core/tsi/ssl_transport_security_test.cc
+++ b/test/core/tsi/ssl_transport_security_test.cc
@@ -61,7 +61,9 @@ typedef struct ssl_alpn_lib {
typedef struct ssl_key_cert_lib {
bool use_bad_server_cert;
bool use_bad_client_cert;
+ bool use_root_store;
char* root_cert;
+ tsi_ssl_root_certs_store* root_store;
tsi_ssl_pem_key_cert_pair* server_pem_key_cert_pairs;
tsi_ssl_pem_key_cert_pair* bad_server_pem_key_cert_pairs;
tsi_ssl_pem_key_cert_pair client_pem_key_cert_pair;
@@ -108,6 +110,8 @@ static void ssl_test_setup_handshakers(tsi_test_fixture* fixture) {
client_options.alpn_protocols = alpn_lib->client_alpn_protocols;
client_options.num_alpn_protocols = alpn_lib->num_client_alpn_protocols;
}
+ client_options.root_store =
+ key_cert_lib->use_root_store ? key_cert_lib->root_store : nullptr;
if (ssl_fixture->session_cache != nullptr) {
client_options.session_cache = ssl_fixture->session_cache;
}
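Review bot: The added `client_options.root_store` assignment leaves open whether `pem_root_certs` is still populated when `use_root_store` is true; any such assignment is outside this hunk. If both carry the same CA, the root-store handshake tests pass whether or not the cached store is actually consulted, so a regression in the store path would go unnoticed. Consider making the two trust sources mutually exclusive in the fixture, e.g. `client_options.pem_root_certs = key_cert_lib->use_root_store ? nullptr : key_cert_lib->root_cert;`, provided the factory accepts a store without PEM roots. `ssl_test_setup_handshakers` begins and ends outside this hunk.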
@@ -345,6 +349,7 @@ static void ssl_test_destruct(tsi_test_fixture* fixture) {
ssl_test_pem_key_cert_pair_destroy(
key_cert_lib->bad_client_pem_key_cert_pair);
gpr_free(key_cert_lib->root_cert);
+ tsi_ssl_root_certs_store_destroy(key_cert_lib->root_store);
gpr_free(key_cert_lib);
if (ssl_fixture->session_cache != nullptr) {
tsi_ssl_session_cache_unref(ssl_fixture->session_cache);
@@ -384,6 +389,7 @@ static tsi_test_fixture* ssl_tsi_test_fixture_create() {
static_cast<ssl_key_cert_lib*>(gpr_zalloc(sizeof(*key_cert_lib)));
key_cert_lib->use_bad_server_cert = false;
key_cert_lib->use_bad_client_cert = false;
+ key_cert_lib->use_root_store = false;
key_cert_lib->server_num_key_cert_pairs =
SSL_TSI_TEST_SERVER_KEY_CERT_PAIRS_NUM;
key_cert_lib->bad_server_num_key_cert_pairs =
@@ -417,6 +423,9 @@ static tsi_test_fixture* ssl_tsi_test_fixture_create() {
key_cert_lib->bad_client_pem_key_cert_pair.cert_chain =
load_file(SSL_TSI_TEST_CREDENTIALS_DIR, "badclient.pem");
key_cert_lib->root_cert = load_file(SSL_TSI_TEST_CREDENTIALS_DIR, "ca.pem");
+ key_cert_lib->root_store =
+ tsi_ssl_root_certs_store_create(key_cert_lib->root_cert);
+ GPR_ASSERT(key_cert_lib->root_store != nullptr);
ssl_fixture->key_cert_lib = key_cert_lib;
/* Create ssl_alpn_lib. */
ssl_alpn_lib* alpn_lib =
@@ -462,6 +471,15 @@ void ssl_tsi_test_do_handshake() {
tsi_test_fixture_destroy(fixture);
}
+void ssl_tsi_test_do_handshake_with_root_store() {
+ tsi_test_fixture* fixture = ssl_tsi_test_fixture_create();
+ ssl_tsi_test_fixture* ssl_fixture =
+ reinterpret_cast<ssl_tsi_test_fixture*>(fixture);
+ ssl_fixture->key_cert_lib->use_root_store = true;
+ tsi_test_do_handshake(fixture);
+ tsi_test_fixture_destroy(fixture);
+}
+
void ssl_tsi_test_do_handshake_with_client_authentication() {
tsi_test_fixture* fixture = ssl_tsi_test_fixture_create();
ssl_tsi_test_fixture* ssl_fixture =
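Review bot: `ssl_tsi_test_do_handshake_with_root_store` exercises only the success path, and the same holds for `ssl_tsi_test_do_handshake_with_client_authentication_and_root_store` in the next hunk. Nothing added here shows that a client configured with the cached store still rejects a server certificate that does not chain to it. A companion case setting both `ssl_fixture->key_cert_lib->use_root_store = true;` and `ssl_fixture->key_cert_lib->use_bad_server_cert = true;` would pin that down. It could presumably be modelled on the existing `ssl_tsi_test_do_handshake_with_bad_server_cert` called from `main`, whose body is not visible here.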
@@ -471,6 +489,16 @@ void ssl_tsi_test_do_handshake_with_client_authentication() {
tsi_test_fixture_destroy(fixture);
}
+void ssl_tsi_test_do_handshake_with_client_authentication_and_root_store() {
+ tsi_test_fixture* fixture = ssl_tsi_test_fixture_create();
+ ssl_tsi_test_fixture* ssl_fixture =
+ reinterpret_cast<ssl_tsi_test_fixture*>(fixture);
+ ssl_fixture->force_client_auth = true;
+ ssl_fixture->key_cert_lib->use_root_store = true;
+ tsi_test_do_handshake(fixture);
+ tsi_test_fixture_destroy(fixture);
+}
+
void ssl_tsi_test_do_handshake_with_server_name_indication_exact_domain() {
/* server1 cert contains "waterzooi.test.google.be" in SAN. */
tsi_test_fixture* fixture = ssl_tsi_test_fixture_create();
@@ -727,9 +755,11 @@ void test_tsi_ssl_client_handshaker_factory_bad_params() {
const char* cert_chain = "This is not a valid PEM file.";
tsi_ssl_client_handshaker_factory* client_handshaker_factory;
- GPR_ASSERT(tsi_create_ssl_client_handshaker_factory(
- nullptr, cert_chain, nullptr, nullptr, 0,
- &client_handshaker_factory) == TSI_INVALID_ARGUMENT);
+ tsi_ssl_client_handshaker_options options;
+ memset(&options, 0, sizeof(options));
+ options.pem_root_certs = cert_chain;
+ GPR_ASSERT(tsi_create_ssl_client_handshaker_factory_with_options(
+ &options, &client_handshaker_factory) == TSI_INVALID_ARGUMENT);
tsi_ssl_client_handshaker_factory_unref(client_handshaker_factory);
}
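Review bot: `client_handshaker_factory` is declared without an initialiser and is still passed to `tsi_ssl_client_handshaker_factory_unref` after the create call has returned `TSI_INVALID_ARGUMENT`. That is only well defined if `tsi_create_ssl_client_handshaker_factory_with_options` writes the out-parameter on every failure path, which this hunk does not show. Declaring it as `tsi_ssl_client_handshaker_factory* client_handshaker_factory = nullptr;` and adding `GPR_ASSERT(client_handshaker_factory == nullptr);` after the call would remove that dependency and check the failure contract, assuming unref accepts a null factory. The function's opening line is outside the hunk.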
@@ -746,7 +776,9 @@ int main(int argc, char** argv) {
ssl_tsi_test_do_handshake_tiny_handshake_buffer();
ssl_tsi_test_do_handshake_small_handshake_buffer();
ssl_tsi_test_do_handshake();
+ ssl_tsi_test_do_handshake_with_root_store();
ssl_tsi_test_do_handshake_with_client_authentication();
+ ssl_tsi_test_do_handshake_with_client_authentication_and_root_store();
ssl_tsi_test_do_handshake_with_server_name_indication_exact_domain();
ssl_tsi_test_do_handshake_with_server_name_indication_wild_star_domain();
ssl_tsi_test_do_handshake_with_bad_server_cert();