aboutsummaryrefslogtreecommitdiffhomepage
path: root/test/core/security/security_connector_test.cc
diff options
context:
space:
mode:
Diffstat (limited to 'test/core/security/security_connector_test.cc')
-rw-r--r--test/core/security/security_connector_test.cc78
1 files changed, 59 insertions, 19 deletions
diff --git a/test/core/security/security_connector_test.cc b/test/core/security/security_connector_test.cc
index ed3849bfc8..e4c3ace6b4 100644
--- a/test/core/security/security_connector_test.cc
+++ b/test/core/security/security_connector_test.cc
@@ -87,15 +87,15 @@ static void test_unauthenticated_ssl_peer(void) {
GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_X509_CERTIFICATE_TYPE,
&peer.properties[0]) == TSI_OK);
- ctx = tsi_ssl_peer_to_auth_context(&peer);
+ ctx = grpc_ssl_peer_to_auth_context(&peer);
GPR_ASSERT(ctx != nullptr);
GPR_ASSERT(!grpc_auth_context_peer_is_authenticated(ctx));
GPR_ASSERT(check_transport_security_type(ctx));
- rpeer = tsi_shallow_peer_from_ssl_auth_context(ctx);
+ rpeer = grpc_shallow_peer_from_ssl_auth_context(ctx);
GPR_ASSERT(check_ssl_peer_equivalence(&peer, &rpeer));
- tsi_shallow_peer_destruct(&rpeer);
+ grpc_shallow_peer_destruct(&rpeer);
tsi_peer_destruct(&peer);
GRPC_AUTH_CONTEXT_UNREF(ctx, "test");
}
@@ -187,7 +187,7 @@ static void test_cn_only_ssl_peer_to_auth_context(void) {
GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
TSI_X509_PEM_CERT_PROPERTY, expected_pem_cert,
&peer.properties[2]) == TSI_OK);
- ctx = tsi_ssl_peer_to_auth_context(&peer);
+ ctx = grpc_ssl_peer_to_auth_context(&peer);
GPR_ASSERT(ctx != nullptr);
GPR_ASSERT(grpc_auth_context_peer_is_authenticated(ctx));
GPR_ASSERT(check_identity(ctx, GRPC_X509_CN_PROPERTY_NAME, &expected_cn, 1));
@@ -195,10 +195,10 @@ static void test_cn_only_ssl_peer_to_auth_context(void) {
GPR_ASSERT(check_x509_cn(ctx, expected_cn));
GPR_ASSERT(check_x509_pem_cert(ctx, expected_pem_cert));
- rpeer = tsi_shallow_peer_from_ssl_auth_context(ctx);
+ rpeer = grpc_shallow_peer_from_ssl_auth_context(ctx);
GPR_ASSERT(check_ssl_peer_equivalence(&peer, &rpeer));
- tsi_shallow_peer_destruct(&rpeer);
+ grpc_shallow_peer_destruct(&rpeer);
tsi_peer_destruct(&peer);
GRPC_AUTH_CONTEXT_UNREF(ctx, "test");
}
@@ -223,7 +223,7 @@ static void test_cn_and_one_san_ssl_peer_to_auth_context(void) {
GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
TSI_X509_PEM_CERT_PROPERTY, expected_pem_cert,
&peer.properties[3]) == TSI_OK);
- ctx = tsi_ssl_peer_to_auth_context(&peer);
+ ctx = grpc_ssl_peer_to_auth_context(&peer);
GPR_ASSERT(ctx != nullptr);
GPR_ASSERT(grpc_auth_context_peer_is_authenticated(ctx));
GPR_ASSERT(
@@ -232,10 +232,10 @@ static void test_cn_and_one_san_ssl_peer_to_auth_context(void) {
GPR_ASSERT(check_x509_cn(ctx, expected_cn));
GPR_ASSERT(check_x509_pem_cert(ctx, expected_pem_cert));
- rpeer = tsi_shallow_peer_from_ssl_auth_context(ctx);
+ rpeer = grpc_shallow_peer_from_ssl_auth_context(ctx);
GPR_ASSERT(check_ssl_peer_equivalence(&peer, &rpeer));
- tsi_shallow_peer_destruct(&rpeer);
+ grpc_shallow_peer_destruct(&rpeer);
tsi_peer_destruct(&peer);
GRPC_AUTH_CONTEXT_UNREF(ctx, "test");
}
@@ -264,7 +264,7 @@ static void test_cn_and_multiple_sans_ssl_peer_to_auth_context(void) {
TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY,
expected_sans[i], &peer.properties[3 + i]) == TSI_OK);
}
- ctx = tsi_ssl_peer_to_auth_context(&peer);
+ ctx = grpc_ssl_peer_to_auth_context(&peer);
GPR_ASSERT(ctx != nullptr);
GPR_ASSERT(grpc_auth_context_peer_is_authenticated(ctx));
GPR_ASSERT(check_identity(ctx, GRPC_X509_SAN_PROPERTY_NAME, expected_sans,
@@ -273,10 +273,10 @@ static void test_cn_and_multiple_sans_ssl_peer_to_auth_context(void) {
GPR_ASSERT(check_x509_cn(ctx, expected_cn));
GPR_ASSERT(check_x509_pem_cert(ctx, expected_pem_cert));
- rpeer = tsi_shallow_peer_from_ssl_auth_context(ctx);
+ rpeer = grpc_shallow_peer_from_ssl_auth_context(ctx);
GPR_ASSERT(check_ssl_peer_equivalence(&peer, &rpeer));
- tsi_shallow_peer_destruct(&rpeer);
+ grpc_shallow_peer_destruct(&rpeer);
tsi_peer_destruct(&peer);
GRPC_AUTH_CONTEXT_UNREF(ctx, "test");
}
@@ -310,7 +310,7 @@ static void test_cn_and_multiple_sans_and_others_ssl_peer_to_auth_context(
TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY,
expected_sans[i], &peer.properties[5 + i]) == TSI_OK);
}
- ctx = tsi_ssl_peer_to_auth_context(&peer);
+ ctx = grpc_ssl_peer_to_auth_context(&peer);
GPR_ASSERT(ctx != nullptr);
GPR_ASSERT(grpc_auth_context_peer_is_authenticated(ctx));
GPR_ASSERT(check_identity(ctx, GRPC_X509_SAN_PROPERTY_NAME, expected_sans,
@@ -319,10 +319,10 @@ static void test_cn_and_multiple_sans_and_others_ssl_peer_to_auth_context(
GPR_ASSERT(check_x509_cn(ctx, expected_cn));
GPR_ASSERT(check_x509_pem_cert(ctx, expected_pem_cert));
- rpeer = tsi_shallow_peer_from_ssl_auth_context(ctx);
+ rpeer = grpc_shallow_peer_from_ssl_auth_context(ctx);
GPR_ASSERT(check_ssl_peer_equivalence(&peer, &rpeer));
- tsi_shallow_peer_destruct(&rpeer);
+ grpc_shallow_peer_destruct(&rpeer);
tsi_peer_destruct(&peer);
GRPC_AUTH_CONTEXT_UNREF(ctx, "test");
}
@@ -340,6 +340,41 @@ static grpc_ssl_roots_override_result override_roots_permanent_failure(
return GRPC_SSL_ROOTS_OVERRIDE_FAIL_PERMANENTLY;
}
+static void test_ipv6_address_san(void) {
+ const char* addresses[] = {
+ "2001:db8::1", "fe80::abcd:ef65:4321%em0", "fd11:feed:beef:0:cafe::4",
+ "128.10.0.1:8888", "[2001:db8::1]:8080", "[2001:db8::1%em1]:8080",
+ };
+ const char* san_ips[] = {
+ "2001:db8::1", "fe80::abcd:ef65:4321", "fd11:feed:beef:0:cafe::4",
+ "128.10.0.1", "2001:db8::1", "2001:db8::1",
+ };
+ tsi_peer peer;
+ GPR_ASSERT(tsi_construct_peer(1, &peer) == TSI_OK);
+ for (size_t i = 0; i < GPR_ARRAY_SIZE(addresses); i++) {
+ GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
+ TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY, san_ips[i],
+ &peer.properties[0]) == TSI_OK);
+ GPR_ASSERT(grpc_ssl_host_matches_name(&peer, addresses[i]));
+ tsi_peer_property_destruct(&peer.properties[0]);
+ }
+ tsi_peer_destruct(&peer);
+}
+namespace grpc_core {
+namespace {
+
+class TestDefafaultSllRootStore : public DefaultSslRootStore {
+ public:
+ static grpc_slice ComputePemRootCertsForTesting() {
+ return ComputePemRootCerts();
+ }
+};
+
+} // namespace
+} // namespace grpc_core
+
+// TODO: Convert this test to C++ test when security_connector implementation
+// is converted to C++.
static void test_default_ssl_roots(void) {
const char* roots_for_env_var = "roots for env var";
@@ -353,7 +388,8 @@ static void test_default_ssl_roots(void) {
value. */
gpr_setenv(GRPC_DEFAULT_SSL_ROOTS_FILE_PATH_ENV_VAR, "");
grpc_set_ssl_roots_override_callback(override_roots_success);
- grpc_slice roots = grpc_get_default_ssl_roots_for_testing();
+ grpc_slice roots =
+ grpc_core::TestDefafaultSllRootStore::ComputePemRootCertsForTesting();
char* roots_contents = grpc_slice_to_c_string(roots);
grpc_slice_unref(roots);
GPR_ASSERT(strcmp(roots_contents, roots_for_override_api) == 0);
@@ -362,7 +398,7 @@ static void test_default_ssl_roots(void) {
/* Now let's set the env var: We should get the contents pointed value
instead. */
gpr_setenv(GRPC_DEFAULT_SSL_ROOTS_FILE_PATH_ENV_VAR, roots_env_var_file_path);
- roots = grpc_get_default_ssl_roots_for_testing();
+ roots = grpc_core::TestDefafaultSllRootStore::ComputePemRootCertsForTesting();
roots_contents = grpc_slice_to_c_string(roots);
grpc_slice_unref(roots);
GPR_ASSERT(strcmp(roots_contents, roots_for_env_var) == 0);
@@ -371,7 +407,7 @@ static void test_default_ssl_roots(void) {
/* Now reset the env var. We should fall back to the value overridden using
the api. */
gpr_setenv(GRPC_DEFAULT_SSL_ROOTS_FILE_PATH_ENV_VAR, "");
- roots = grpc_get_default_ssl_roots_for_testing();
+ roots = grpc_core::TestDefafaultSllRootStore::ComputePemRootCertsForTesting();
roots_contents = grpc_slice_to_c_string(roots);
grpc_slice_unref(roots);
GPR_ASSERT(strcmp(roots_contents, roots_for_override_api) == 0);
@@ -380,8 +416,11 @@ static void test_default_ssl_roots(void) {
/* Now setup a permanent failure for the overridden roots and we should get
an empty slice. */
grpc_set_ssl_roots_override_callback(override_roots_permanent_failure);
- roots = grpc_get_default_ssl_roots_for_testing();
+ roots = grpc_core::TestDefafaultSllRootStore::ComputePemRootCertsForTesting();
GPR_ASSERT(GRPC_SLICE_IS_EMPTY(roots));
+ const tsi_ssl_root_certs_store* root_store =
+ grpc_core::TestDefafaultSllRootStore::GetRootStore();
+ GPR_ASSERT(root_store == nullptr);
/* Cleanup. */
remove(roots_env_var_file_path);
@@ -397,6 +436,7 @@ int main(int argc, char** argv) {
test_cn_and_one_san_ssl_peer_to_auth_context();
test_cn_and_multiple_sans_ssl_peer_to_auth_context();
test_cn_and_multiple_sans_and_others_ssl_peer_to_auth_context();
+ test_ipv6_address_san();
test_default_ssl_roots();
grpc_shutdown();
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-16 08:17:49 +0000