API for auth context and server-side secure transport only impl.

Still TODO:
- a way to plug a metadata processing (somewhat elsewhere but did not
  one to overload this already large PR).
- plug-in the auth context on the client side.
- Better end to end testing.

2 files changed, 182 insertions, 1 deletions

diff --git a/test/core/end2end/tests/request_response_with_payload_and_call_creds.c b/test/core/end2end/tests/request_response_with_payload_and_call_creds.c
index 01554bed8c..8e1fb63d74 100644
--- a/test/core/end2end/tests/request_response_with_payload_and_call_creds.c
+++ b/test/core/end2end/tests/request_response_with_payload_and_call_creds.c
@@ -111,6 +111,27 @@ static void end_test(grpc_end2end_test_fixture *f) {
   grpc_completion_queue_destroy(f->client_cq);
 }
 
+static void print_auth_context(int is_client, const grpc_auth_context *ctx) {
+  const grpc_auth_property *p;
+  grpc_auth_property_iterator *it;
+  gpr_log(GPR_INFO, "%s peer:", is_client ? "client" : "server");
+  it = grpc_auth_context_peer_identity(ctx);
+  gpr_log(GPR_INFO, "\tauthenticated: %s", it != NULL ? "YES" : "NO");
+  if (it != NULL) {
+    while ((p = grpc_auth_property_iterator_next(it)) != NULL) {
+      gpr_log(GPR_INFO, "\t\t%s: %s", p->name, p->value);
+    }
+    grpc_auth_property_iterator_destroy(it);
+  }
+  gpr_log(GPR_INFO, "\tall properties:");
+  it = grpc_auth_context_property_iterator(ctx);
+  GPR_ASSERT(it != NULL);
+  while ((p = grpc_auth_property_iterator_next(it)) != NULL) {
+    gpr_log(GPR_INFO, "\t\t%s: %s", p->name, p->value);
+  }
+  grpc_auth_property_iterator_destroy(it);
+}
+
 static void test_call_creds_failure(grpc_end2end_test_config config) {
   grpc_call *c;
   grpc_credentials *creds = NULL;
@@ -158,6 +179,7 @@ static void request_response_with_payload_and_call_creds(
   size_t details_capacity = 0;
   int was_cancelled = 2;
   grpc_credentials *creds = NULL;
+  const grpc_auth_context *s_auth_context = NULL;
 
   c = grpc_channel_create_call(f.client, f.client_cq, "/foo",
                                "foo.test.google.fr", deadline);
@@ -212,10 +234,13 @@ static void request_response_with_payload_and_call_creds(
   GPR_ASSERT(GRPC_CALL_OK == grpc_server_request_call(f.server, &s,
                                                       &call_details,
                                                       &request_metadata_recv,
-                                                      f.server_cq, f.server_cq, 
+                                                      f.server_cq, f.server_cq,
                                                       tag(101)));
   cq_expect_completion(v_server, tag(101), 1);
   cq_verify(v_server);
+  s_auth_context = grpc_call_auth_context(s);
+  GPR_ASSERT(s_auth_context != NULL);
+  print_auth_context(0, s_auth_context);
 
   /* Cannot set creds on the server call object. */
   GPR_ASSERT(grpc_call_set_credentials(s, NULL) != GRPC_CALL_OK);
diff --git a/test/core/security/auth_context_test.c b/test/core/security/auth_context_test.c
new file mode 100644
index 0000000000..88f7522fce
--- /dev/null
+++ b/test/core/security/auth_context_test.c
@@ -0,0 +1,156 @@
+/*
+ *
+ * Copyright 2015, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ *     * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include<string.h>
+
+#include "src/core/security/security_context.h"
+#include "src/core/support/string.h"
+#include "test/core/util/test_config.h"
+
+#include <grpc/support/log.h>
+
+static void test_empty_context(void) {
+  grpc_auth_context *ctx = grpc_auth_context_create(NULL, 0);
+  grpc_auth_property_iterator *it;
+
+  gpr_log(GPR_INFO, __FUNCTION__);
+  GPR_ASSERT(ctx != NULL);
+  GPR_ASSERT(grpc_auth_context_peer_identity_property_name(ctx) == NULL);
+  GPR_ASSERT(grpc_auth_context_peer_identity(ctx) == NULL);
+  it = grpc_auth_context_property_iterator(ctx);
+  GPR_ASSERT(it != NULL);
+  GPR_ASSERT(grpc_auth_property_iterator_next(it) == NULL);
+  grpc_auth_property_iterator_destroy(it);
+  it = grpc_auth_context_find_properties_by_name(ctx, "foo");
+  GPR_ASSERT(it != NULL);
+  GPR_ASSERT(grpc_auth_property_iterator_next(it) == NULL);
+  grpc_auth_property_iterator_destroy(it);
+  grpc_auth_context_unref(ctx);
+}
+
+static void test_simple_context(void) {
+  grpc_auth_context *ctx = grpc_auth_context_create(NULL, 3);
+  grpc_auth_property_iterator *it;
+  size_t i;
+
+  gpr_log(GPR_INFO, __FUNCTION__);
+  GPR_ASSERT(ctx != NULL);
+  GPR_ASSERT(ctx->property_count == 3);
+  ctx->properties[0] = grpc_auth_property_init_from_cstring("name", "chapi");
+  ctx->properties[1] = grpc_auth_property_init_from_cstring("name", "chapo");
+  ctx->properties[2] = grpc_auth_property_init_from_cstring("foo", "bar");
+  ctx->peer_identity_property_name = ctx->properties[0].name;
+
+  GPR_ASSERT(
+      strcmp(grpc_auth_context_peer_identity_property_name(ctx), "name") == 0);
+  it = grpc_auth_context_property_iterator(ctx);
+  for (i = 0; i < ctx->property_count; i++) {
+    const grpc_auth_property *p = grpc_auth_property_iterator_next(it);
+    GPR_ASSERT(p == &ctx->properties[i]);
+  }
+  GPR_ASSERT(grpc_auth_property_iterator_next(it) == NULL);
+  grpc_auth_property_iterator_destroy(it);
+
+  it = grpc_auth_context_find_properties_by_name(ctx, "foo");
+  GPR_ASSERT(it != NULL);
+  GPR_ASSERT(grpc_auth_property_iterator_next(it) == &ctx->properties[2]);
+  GPR_ASSERT(grpc_auth_property_iterator_next(it) == NULL);
+  grpc_auth_property_iterator_destroy(it);
+
+  it = grpc_auth_context_peer_identity(ctx);
+  GPR_ASSERT(it != NULL);
+  GPR_ASSERT(grpc_auth_property_iterator_next(it) == &ctx->properties[0]);
+  GPR_ASSERT(grpc_auth_property_iterator_next(it) == &ctx->properties[1]);
+  GPR_ASSERT(grpc_auth_property_iterator_next(it) == NULL);
+  grpc_auth_property_iterator_destroy(it);
+
+  grpc_auth_context_unref(ctx);
+}
+
+static void test_chained_context(void) {
+  grpc_auth_context *chained = grpc_auth_context_create(NULL, 2);
+  grpc_auth_context *ctx = grpc_auth_context_create(chained, 3);
+  grpc_auth_property_iterator *it;
+  size_t i;
+
+  gpr_log(GPR_INFO, __FUNCTION__);
+  grpc_auth_context_unref(chained);
+  chained->properties[0] =
+      grpc_auth_property_init_from_cstring("name", "padapo");
+  chained->properties[1] = grpc_auth_property_init_from_cstring("foo", "baz");
+  ctx->properties[0] = grpc_auth_property_init_from_cstring("name", "chapi");
+  ctx->properties[1] = grpc_auth_property_init_from_cstring("name", "chapo");
+  ctx->properties[2] = grpc_auth_property_init_from_cstring("foo", "bar");
+  ctx->peer_identity_property_name = ctx->properties[0].name;
+
+  GPR_ASSERT(
+      strcmp(grpc_auth_context_peer_identity_property_name(ctx), "name") == 0);
+  it = grpc_auth_context_property_iterator(ctx);
+  for (i = 0; i < ctx->property_count; i++) {
+    const grpc_auth_property *p = grpc_auth_property_iterator_next(it);
+    GPR_ASSERT(p == &ctx->properties[i]);
+  }
+  for (i = 0; i < chained->property_count; i++) {
+    const grpc_auth_property *p = grpc_auth_property_iterator_next(it);
+    GPR_ASSERT(p == &chained->properties[i]);
+  }
+  GPR_ASSERT(grpc_auth_property_iterator_next(it) == NULL);
+  grpc_auth_property_iterator_destroy(it);
+
+  it = grpc_auth_context_find_properties_by_name(ctx, "foo");
+  GPR_ASSERT(it != NULL);
+  GPR_ASSERT(grpc_auth_property_iterator_next(it) == &ctx->properties[2]);
+  GPR_ASSERT(grpc_auth_property_iterator_next(it) == &chained->properties[1]);
+  GPR_ASSERT(grpc_auth_property_iterator_next(it) == NULL);
+  grpc_auth_property_iterator_destroy(it);
+
+  it = grpc_auth_context_peer_identity(ctx);
+  GPR_ASSERT(it != NULL);
+  GPR_ASSERT(grpc_auth_property_iterator_next(it) == &ctx->properties[0]);
+  GPR_ASSERT(grpc_auth_property_iterator_next(it) == &ctx->properties[1]);
+  GPR_ASSERT(grpc_auth_property_iterator_next(it) == &chained->properties[0]);
+  GPR_ASSERT(grpc_auth_property_iterator_next(it) == NULL);
+  grpc_auth_property_iterator_destroy(it);
+
+  grpc_auth_context_unref(ctx);
+}
+
+
+int main(int argc, char **argv) {
+  grpc_test_init(argc, argv);
+  test_empty_context();
+  test_simple_context();
+  test_chained_context();
+  return 0;
+}
+