diff options
Diffstat (limited to 'test/core/security')
| -rw-r--r-- | test/core/security/auth_context_test.c | 4 | ||||
| -rw-r--r-- | test/core/security/b64_test.c | 4 | ||||
| -rw-r--r-- | test/core/security/create_jwt.c | 8 | ||||
| -rw-r--r-- | test/core/security/credentials_test.c | 37 | ||||
| -rw-r--r-- | test/core/security/fetch_oauth2.c | 6 | ||||
| -rw-r--r-- | test/core/security/json_token_test.c | 8 | ||||
| -rw-r--r-- | test/core/security/jwt_verifier_test.c | 24 | ||||
| -rw-r--r-- | test/core/security/oauth2_utils.c | 4 | ||||
| -rw-r--r-- | test/core/security/oauth2_utils.h | 2 | ||||
| -rw-r--r-- | test/core/security/print_google_default_creds_token.c | 6 | ||||
| -rw-r--r-- | test/core/security/secure_endpoint_test.c | 10 | ||||
| -rw-r--r-- | test/core/security/security_connector_test.c | 74 | ||||
| -rw-r--r-- | test/core/security/verify_jwt.c | 4 |
13 files changed, 119 insertions, 72 deletions
diff --git a/test/core/security/auth_context_test.c b/test/core/security/auth_context_test.c index d091c7e7e6..d1ead16235 100644 --- a/test/core/security/auth_context_test.c +++ b/test/core/security/auth_context_test.c @@ -33,8 +33,8 @@ #include <string.h> -#include "src/core/security/security_context.h" -#include "src/core/support/string.h" +#include "src/core/lib/security/security_context.h" +#include "src/core/lib/support/string.h" #include "test/core/util/test_config.h" #include <grpc/support/log.h> diff --git a/test/core/security/b64_test.c b/test/core/security/b64_test.c index 772514e1fd..cea870321d 100644 --- a/test/core/security/b64_test.c +++ b/test/core/security/b64_test.c @@ -1,6 +1,6 @@ /* * - * Copyright 2015-2016, Google Inc. + * Copyright 2015, Google Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -31,7 +31,7 @@ * */ -#include "src/core/security/b64.h" +#include "src/core/lib/security/b64.h" #include <string.h> diff --git a/test/core/security/create_jwt.c b/test/core/security/create_jwt.c index 4c0cf436ee..6d4707f3c7 100644 --- a/test/core/security/create_jwt.c +++ b/test/core/security/create_jwt.c @@ -1,6 +1,6 @@ /* * - * Copyright 2015-2016, Google Inc. + * Copyright 2015, Google Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -34,9 +34,9 @@ #include <stdio.h> #include <string.h> -#include "src/core/security/credentials.h" -#include "src/core/security/json_token.h" -#include "src/core/support/load_file.h" +#include "src/core/lib/security/credentials.h" +#include "src/core/lib/security/json_token.h" +#include "src/core/lib/support/load_file.h" #include <grpc/support/alloc.h> #include <grpc/support/cmdline.h> diff --git a/test/core/security/credentials_test.c b/test/core/security/credentials_test.c index 98133ef5e5..7867293278 100644 --- a/test/core/security/credentials_test.c +++ b/test/core/security/credentials_test.c @@ -1,6 +1,6 @@ /* * - * Copyright 2015-2016, Google Inc. + * Copyright 2015, Google Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -33,7 +33,7 @@ #include <grpc/support/port_platform.h> -#include "src/core/security/credentials.h" +#include "src/core/lib/security/credentials.h" #include <openssl/rsa.h> #include <stdlib.h> @@ -44,11 +44,11 @@ #include <grpc/support/string_util.h> #include <grpc/support/time.h> -#include "src/core/httpcli/httpcli.h" -#include "src/core/security/json_token.h" -#include "src/core/support/env.h" -#include "src/core/support/tmpfile.h" -#include "src/core/support/string.h" +#include "src/core/lib/http/httpcli.h" +#include "src/core/lib/security/json_token.h" +#include "src/core/lib/support/env.h" +#include "src/core/lib/support/string.h" +#include "src/core/lib/support/tmpfile.h" #include "test/core/util/test_config.h" /* -- Mock channel credentials. -- */ @@ -536,12 +536,12 @@ static void validate_compute_engine_http_request( GPR_ASSERT(request->handshaker != &grpc_httpcli_ssl); GPR_ASSERT(strcmp(request->host, "metadata") == 0); GPR_ASSERT( - strcmp(request->path, + strcmp(request->http.path, "/computeMetadata/v1/instance/service-accounts/default/token") == 0); - GPR_ASSERT(request->hdr_count == 1); - GPR_ASSERT(strcmp(request->hdrs[0].key, "Metadata-Flavor") == 0); - GPR_ASSERT(strcmp(request->hdrs[0].value, "Google") == 0); + GPR_ASSERT(request->http.hdr_count == 1); + GPR_ASSERT(strcmp(request->http.hdrs[0].key, "Metadata-Flavor") == 0); + GPR_ASSERT(strcmp(request->http.hdrs[0].value, "Google") == 0); } static int compute_engine_httpcli_get_success_override( @@ -639,11 +639,12 @@ static void validate_refresh_token_http_request( gpr_free(expected_body); GPR_ASSERT(request->handshaker == &grpc_httpcli_ssl); GPR_ASSERT(strcmp(request->host, GRPC_GOOGLE_OAUTH2_SERVICE_HOST) == 0); - GPR_ASSERT(strcmp(request->path, GRPC_GOOGLE_OAUTH2_SERVICE_TOKEN_PATH) == 0); - GPR_ASSERT(request->hdr_count == 1); - GPR_ASSERT(strcmp(request->hdrs[0].key, "Content-Type") == 0); GPR_ASSERT( - strcmp(request->hdrs[0].value, "application/x-www-form-urlencoded") == 0); + strcmp(request->http.path, GRPC_GOOGLE_OAUTH2_SERVICE_TOKEN_PATH) == 0); + GPR_ASSERT(request->http.hdr_count == 1); + GPR_ASSERT(strcmp(request->http.hdrs[0].key, "Content-Type") == 0); + GPR_ASSERT(strcmp(request->http.hdrs[0].value, + "application/x-www-form-urlencoded") == 0); } static int refresh_token_httpcli_post_success( @@ -898,12 +899,12 @@ static int default_creds_gce_detection_httpcli_get_success_override( gpr_timespec deadline, grpc_httpcli_response_cb on_response, void *user_data) { grpc_httpcli_response response = http_response(200, ""); - grpc_httpcli_header header; + grpc_http_header header; header.key = "Metadata-Flavor"; header.value = "Google"; response.hdr_count = 1; response.hdrs = &header; - GPR_ASSERT(strcmp(request->path, "/") == 0); + GPR_ASSERT(strcmp(request->http.path, "/") == 0); GPR_ASSERT(strcmp(request->host, "metadata.google.internal") == 0); on_response(exec_ctx, user_data, &response); return 1; @@ -961,7 +962,7 @@ static int default_creds_gce_detection_httpcli_get_failure_override( void *user_data) { /* No magic header. */ grpc_httpcli_response response = http_response(200, ""); - GPR_ASSERT(strcmp(request->path, "/") == 0); + GPR_ASSERT(strcmp(request->http.path, "/") == 0); GPR_ASSERT(strcmp(request->host, "metadata.google.internal") == 0); on_response(exec_ctx, user_data, &response); return 1; diff --git a/test/core/security/fetch_oauth2.c b/test/core/security/fetch_oauth2.c index 87b54f1a0c..bd314e90d8 100644 --- a/test/core/security/fetch_oauth2.c +++ b/test/core/security/fetch_oauth2.c @@ -1,6 +1,6 @@ /* * - * Copyright 2015-2016, Google Inc. + * Copyright 2015, Google Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -42,8 +42,8 @@ #include <grpc/support/slice.h> #include <grpc/support/sync.h> -#include "src/core/security/credentials.h" -#include "src/core/support/load_file.h" +#include "src/core/lib/security/credentials.h" +#include "src/core/lib/support/load_file.h" #include "test/core/security/oauth2_utils.h" static grpc_call_credentials *create_refresh_token_creds( diff --git a/test/core/security/json_token_test.c b/test/core/security/json_token_test.c index 4d80c16fb9..3aee52ee5c 100644 --- a/test/core/security/json_token_test.c +++ b/test/core/security/json_token_test.c @@ -1,6 +1,6 @@ /* * - * Copyright 2015-2016, Google Inc. + * Copyright 2015, Google Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -31,7 +31,7 @@ * */ -#include "src/core/security/json_token.h" +#include "src/core/lib/security/json_token.h" #include <openssl/evp.h> #include <string.h> @@ -41,8 +41,8 @@ #include <grpc/support/log.h> #include <grpc/support/slice.h> -#include "src/core/json/json.h" -#include "src/core/security/b64.h" +#include "src/core/lib/json/json.h" +#include "src/core/lib/security/b64.h" #include "test/core/util/test_config.h" /* This JSON key was generated with the GCE console and revoked immediately. diff --git a/test/core/security/jwt_verifier_test.c b/test/core/security/jwt_verifier_test.c index f6ec9e12ef..077f44d1d6 100644 --- a/test/core/security/jwt_verifier_test.c +++ b/test/core/security/jwt_verifier_test.c @@ -1,6 +1,6 @@ /* * - * Copyright 2015-2016, Google Inc. + * Copyright 2015, Google Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -31,20 +31,22 @@ * */ -#include "src/core/security/jwt_verifier.h" +#include "src/core/lib/security/jwt_verifier.h" #include <string.h> -#include "src/core/httpcli/httpcli.h" -#include "src/core/security/b64.h" -#include "src/core/security/json_token.h" -#include "test/core/util/test_config.h" +#include <grpc/grpc.h> #include <grpc/support/alloc.h> #include <grpc/support/log.h> #include <grpc/support/slice.h> #include <grpc/support/string_util.h> +#include "src/core/lib/http/httpcli.h" +#include "src/core/lib/security/b64.h" +#include "src/core/lib/security/json_token.h" +#include "test/core/util/test_config.h" + /* This JSON key was generated with the GCE console and revoked immediately. The identifiers have been changed as well. Maximum size for a string literal is 509 chars in C89, yay! */ @@ -288,7 +290,7 @@ static int httpcli_get_google_keys_for_email( grpc_httpcli_response response = http_response(200, good_google_email_keys()); GPR_ASSERT(request->handshaker == &grpc_httpcli_ssl); GPR_ASSERT(strcmp(request->host, "www.googleapis.com") == 0); - GPR_ASSERT(strcmp(request->path, + GPR_ASSERT(strcmp(request->http.path, "/robot/v1/metadata/x509/" "777-abaslkan11hlb6nmim3bpspl31ud@developer." "gserviceaccount.com") == 0); @@ -336,7 +338,7 @@ static int httpcli_get_custom_keys_for_email( grpc_httpcli_response response = http_response(200, gpr_strdup(good_jwk_set)); GPR_ASSERT(request->handshaker == &grpc_httpcli_ssl); GPR_ASSERT(strcmp(request->host, "keys.bar.com") == 0); - GPR_ASSERT(strcmp(request->path, "/jwk/foo@bar.com") == 0); + GPR_ASSERT(strcmp(request->http.path, "/jwk/foo@bar.com") == 0); on_response(exec_ctx, user_data, &response); gpr_free(response.body); return 1; @@ -372,7 +374,7 @@ static int httpcli_get_jwk_set(grpc_exec_ctx *exec_ctx, grpc_httpcli_response response = http_response(200, gpr_strdup(good_jwk_set)); GPR_ASSERT(request->handshaker == &grpc_httpcli_ssl); GPR_ASSERT(strcmp(request->host, "www.googleapis.com") == 0); - GPR_ASSERT(strcmp(request->path, "/oauth2/v3/certs") == 0); + GPR_ASSERT(strcmp(request->http.path, "/oauth2/v3/certs") == 0); on_response(exec_ctx, user_data, &response); gpr_free(response.body); return 1; @@ -387,7 +389,7 @@ static int httpcli_get_openid_config(grpc_exec_ctx *exec_ctx, http_response(200, gpr_strdup(good_openid_config)); GPR_ASSERT(request->handshaker == &grpc_httpcli_ssl); GPR_ASSERT(strcmp(request->host, "accounts.google.com") == 0); - GPR_ASSERT(strcmp(request->path, GRPC_OPENID_CONFIG_URL_SUFFIX) == 0); + GPR_ASSERT(strcmp(request->http.path, GRPC_OPENID_CONFIG_URL_SUFFIX) == 0); grpc_httpcli_set_override(httpcli_get_jwk_set, httpcli_post_should_not_be_called); on_response(exec_ctx, user_data, &response); @@ -568,6 +570,7 @@ static void test_jwt_verifier_bad_format(void) { int main(int argc, char **argv) { grpc_test_init(argc, argv); + grpc_init(); test_claims_success(); test_expired_claims_failure(); test_invalid_claims_failure(); @@ -579,5 +582,6 @@ int main(int argc, char **argv) { test_jwt_verifier_bad_json_key(); test_jwt_verifier_bad_signature(); test_jwt_verifier_bad_format(); + grpc_shutdown(); return 0; } diff --git a/test/core/security/oauth2_utils.c b/test/core/security/oauth2_utils.c index 9b70afffe1..20815d184c 100644 --- a/test/core/security/oauth2_utils.c +++ b/test/core/security/oauth2_utils.c @@ -1,6 +1,6 @@ /* * - * Copyright 2015-2016, Google Inc. + * Copyright 2015, Google Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -42,7 +42,7 @@ #include <grpc/support/slice.h> #include <grpc/support/sync.h> -#include "src/core/security/credentials.h" +#include "src/core/lib/security/credentials.h" typedef struct { gpr_mu *mu; diff --git a/test/core/security/oauth2_utils.h b/test/core/security/oauth2_utils.h index b35fe7987f..eff98270c8 100644 --- a/test/core/security/oauth2_utils.h +++ b/test/core/security/oauth2_utils.h @@ -34,7 +34,7 @@ #ifndef GRPC_TEST_CORE_SECURITY_OAUTH2_UTILS_H #define GRPC_TEST_CORE_SECURITY_OAUTH2_UTILS_H -#include "src/core/security/credentials.h" +#include "src/core/lib/security/credentials.h" #ifdef __cplusplus extern "C" { diff --git a/test/core/security/print_google_default_creds_token.c b/test/core/security/print_google_default_creds_token.c index 09673f362c..99bce4fbdf 100644 --- a/test/core/security/print_google_default_creds_token.c +++ b/test/core/security/print_google_default_creds_token.c @@ -1,6 +1,6 @@ /* * - * Copyright 2015-2016, Google Inc. + * Copyright 2015, Google Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -42,8 +42,8 @@ #include <grpc/support/slice.h> #include <grpc/support/sync.h> -#include "src/core/security/credentials.h" -#include "src/core/support/string.h" +#include "src/core/lib/security/credentials.h" +#include "src/core/lib/support/string.h" typedef struct { gpr_mu *mu; diff --git a/test/core/security/secure_endpoint_test.c b/test/core/security/secure_endpoint_test.c index 0e8c38a53e..aeaf38209b 100644 --- a/test/core/security/secure_endpoint_test.c +++ b/test/core/security/secure_endpoint_test.c @@ -1,6 +1,6 @@ /* * - * Copyright 2015-2016, Google Inc. + * Copyright 2015, Google Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -39,10 +39,10 @@ #include <grpc/grpc.h> #include <grpc/support/alloc.h> #include <grpc/support/log.h> -#include "src/core/iomgr/endpoint_pair.h" -#include "src/core/iomgr/iomgr.h" -#include "src/core/security/secure_endpoint.h" -#include "src/core/tsi/fake_transport_security.h" +#include "src/core/lib/iomgr/endpoint_pair.h" +#include "src/core/lib/iomgr/iomgr.h" +#include "src/core/lib/security/secure_endpoint.h" +#include "src/core/lib/tsi/fake_transport_security.h" #include "test/core/util/test_config.h" static gpr_mu *g_mu; diff --git a/test/core/security/security_connector_test.c b/test/core/security/security_connector_test.c index 420e3a4c52..1a4e64b30c 100644 --- a/test/core/security/security_connector_test.c +++ b/test/core/security/security_connector_test.c @@ -1,6 +1,6 @@ /* * - * Copyright 2015-2016, Google Inc. + * Copyright 2015, Google Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -40,13 +40,13 @@ #include <grpc/support/string_util.h> #include <grpc/support/useful.h> -#include "src/core/security/security_connector.h" -#include "src/core/security/security_context.h" -#include "src/core/support/env.h" -#include "src/core/support/tmpfile.h" -#include "src/core/support/string.h" -#include "src/core/tsi/ssl_transport_security.h" -#include "src/core/tsi/transport_security.h" +#include "src/core/lib/security/security_connector.h" +#include "src/core/lib/security/security_context.h" +#include "src/core/lib/support/env.h" +#include "src/core/lib/support/string.h" +#include "src/core/lib/support/tmpfile.h" +#include "src/core/lib/tsi/ssl_transport_security.h" +#include "src/core/lib/tsi/transport_security.h" #include "test/core/util/test_config.h" static int check_transport_security_type(const grpc_auth_context *ctx) { @@ -80,13 +80,14 @@ static int check_peer_property(const tsi_peer *peer, static int check_ssl_peer_equivalence(const tsi_peer *original, const tsi_peer *reconstructed) { - /* The reconstructed peer only has CN and SAN properties. */ + /* The reconstructed peer only has CN, SAN and pem cert properties. */ size_t i; for (i = 0; i < original->property_count; i++) { const tsi_peer_property *prop = &original->properties[i]; if ((strcmp(prop->name, TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY) == 0) || (strcmp(prop->name, TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY) == - 0)) { + 0) || + (strcmp(prop->name, TSI_X509_PEM_CERT_PROPERTY) == 0)) { if (!check_peer_property(reconstructed, prop)) return 0; } } @@ -164,24 +165,50 @@ static int check_x509_cn(const grpc_auth_context *ctx, return 1; } +static int check_x509_pem_cert(const grpc_auth_context *ctx, + const char *expected_pem_cert) { + grpc_auth_property_iterator it = grpc_auth_context_find_properties_by_name( + ctx, GRPC_X509_PEM_CERT_PROPERTY_NAME); + const grpc_auth_property *prop = grpc_auth_property_iterator_next(&it); + if (prop == NULL) { + gpr_log(GPR_ERROR, "Pem certificate property not found."); + return 0; + } + if (strncmp(prop->value, expected_pem_cert, prop->value_length) != 0) { + gpr_log(GPR_ERROR, "Expected pem cert %s and got %s", expected_pem_cert, + prop->value); + return 0; + } + if (grpc_auth_property_iterator_next(&it) != NULL) { + gpr_log(GPR_ERROR, "Expected only one property for pem cert."); + return 0; + } + return 1; +} + static void test_cn_only_ssl_peer_to_auth_context(void) { tsi_peer peer; tsi_peer rpeer; grpc_auth_context *ctx; const char *expected_cn = "cn1"; - GPR_ASSERT(tsi_construct_peer(2, &peer) == TSI_OK); + const char *expected_pem_cert = "pem_cert1"; + GPR_ASSERT(tsi_construct_peer(3, &peer) == TSI_OK); GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_X509_CERTIFICATE_TYPE, &peer.properties[0]) == TSI_OK); GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY, expected_cn, &peer.properties[1]) == TSI_OK); + GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( + TSI_X509_PEM_CERT_PROPERTY, expected_pem_cert, + &peer.properties[2]) == TSI_OK); ctx = tsi_ssl_peer_to_auth_context(&peer); GPR_ASSERT(ctx != NULL); GPR_ASSERT(grpc_auth_context_peer_is_authenticated(ctx)); GPR_ASSERT(check_identity(ctx, GRPC_X509_CN_PROPERTY_NAME, &expected_cn, 1)); GPR_ASSERT(check_transport_security_type(ctx)); GPR_ASSERT(check_x509_cn(ctx, expected_cn)); + GPR_ASSERT(check_x509_pem_cert(ctx, expected_pem_cert)); rpeer = tsi_shallow_peer_from_ssl_auth_context(ctx); GPR_ASSERT(check_ssl_peer_equivalence(&peer, &rpeer)); @@ -197,7 +224,8 @@ static void test_cn_and_one_san_ssl_peer_to_auth_context(void) { grpc_auth_context *ctx; const char *expected_cn = "cn1"; const char *expected_san = "san1"; - GPR_ASSERT(tsi_construct_peer(3, &peer) == TSI_OK); + const char *expected_pem_cert = "pem_cert1"; + GPR_ASSERT(tsi_construct_peer(4, &peer) == TSI_OK); GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_X509_CERTIFICATE_TYPE, &peer.properties[0]) == TSI_OK); @@ -207,6 +235,9 @@ static void test_cn_and_one_san_ssl_peer_to_auth_context(void) { GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY, expected_san, &peer.properties[2]) == TSI_OK); + GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( + TSI_X509_PEM_CERT_PROPERTY, expected_pem_cert, + &peer.properties[3]) == TSI_OK); ctx = tsi_ssl_peer_to_auth_context(&peer); GPR_ASSERT(ctx != NULL); GPR_ASSERT(grpc_auth_context_peer_is_authenticated(ctx)); @@ -214,6 +245,7 @@ static void test_cn_and_one_san_ssl_peer_to_auth_context(void) { check_identity(ctx, GRPC_X509_SAN_PROPERTY_NAME, &expected_san, 1)); GPR_ASSERT(check_transport_security_type(ctx)); GPR_ASSERT(check_x509_cn(ctx, expected_cn)); + GPR_ASSERT(check_x509_pem_cert(ctx, expected_pem_cert)); rpeer = tsi_shallow_peer_from_ssl_auth_context(ctx); GPR_ASSERT(check_ssl_peer_equivalence(&peer, &rpeer)); @@ -229,8 +261,9 @@ static void test_cn_and_multiple_sans_ssl_peer_to_auth_context(void) { grpc_auth_context *ctx; const char *expected_cn = "cn1"; const char *expected_sans[] = {"san1", "san2", "san3"}; + const char *expected_pem_cert = "pem_cert1"; size_t i; - GPR_ASSERT(tsi_construct_peer(2 + GPR_ARRAY_SIZE(expected_sans), &peer) == + GPR_ASSERT(tsi_construct_peer(3 + GPR_ARRAY_SIZE(expected_sans), &peer) == TSI_OK); GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_X509_CERTIFICATE_TYPE, @@ -238,10 +271,13 @@ static void test_cn_and_multiple_sans_ssl_peer_to_auth_context(void) { GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY, expected_cn, &peer.properties[1]) == TSI_OK); + GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( + TSI_X509_PEM_CERT_PROPERTY, expected_pem_cert, + &peer.properties[2]) == TSI_OK); for (i = 0; i < GPR_ARRAY_SIZE(expected_sans); i++) { GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY, - expected_sans[i], &peer.properties[2 + i]) == TSI_OK); + expected_sans[i], &peer.properties[3 + i]) == TSI_OK); } ctx = tsi_ssl_peer_to_auth_context(&peer); GPR_ASSERT(ctx != NULL); @@ -250,6 +286,7 @@ static void test_cn_and_multiple_sans_ssl_peer_to_auth_context(void) { GPR_ARRAY_SIZE(expected_sans))); GPR_ASSERT(check_transport_security_type(ctx)); GPR_ASSERT(check_x509_cn(ctx, expected_cn)); + GPR_ASSERT(check_x509_pem_cert(ctx, expected_pem_cert)); rpeer = tsi_shallow_peer_from_ssl_auth_context(ctx); GPR_ASSERT(check_ssl_peer_equivalence(&peer, &rpeer)); @@ -265,9 +302,10 @@ static void test_cn_and_multiple_sans_and_others_ssl_peer_to_auth_context( tsi_peer rpeer; grpc_auth_context *ctx; const char *expected_cn = "cn1"; + const char *expected_pem_cert = "pem_cert1"; const char *expected_sans[] = {"san1", "san2", "san3"}; size_t i; - GPR_ASSERT(tsi_construct_peer(4 + GPR_ARRAY_SIZE(expected_sans), &peer) == + GPR_ASSERT(tsi_construct_peer(5 + GPR_ARRAY_SIZE(expected_sans), &peer) == TSI_OK); GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_X509_CERTIFICATE_TYPE, @@ -279,10 +317,13 @@ static void test_cn_and_multiple_sans_and_others_ssl_peer_to_auth_context( &peer.properties[2]) == TSI_OK); GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( "chapi", "chapo", &peer.properties[3]) == TSI_OK); + GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( + TSI_X509_PEM_CERT_PROPERTY, expected_pem_cert, + &peer.properties[4]) == TSI_OK); for (i = 0; i < GPR_ARRAY_SIZE(expected_sans); i++) { GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY, - expected_sans[i], &peer.properties[4 + i]) == TSI_OK); + expected_sans[i], &peer.properties[5 + i]) == TSI_OK); } ctx = tsi_ssl_peer_to_auth_context(&peer); GPR_ASSERT(ctx != NULL); @@ -291,6 +332,7 @@ static void test_cn_and_multiple_sans_and_others_ssl_peer_to_auth_context( GPR_ARRAY_SIZE(expected_sans))); GPR_ASSERT(check_transport_security_type(ctx)); GPR_ASSERT(check_x509_cn(ctx, expected_cn)); + GPR_ASSERT(check_x509_pem_cert(ctx, expected_pem_cert)); rpeer = tsi_shallow_peer_from_ssl_auth_context(ctx); GPR_ASSERT(check_ssl_peer_equivalence(&peer, &rpeer)); diff --git a/test/core/security/verify_jwt.c b/test/core/security/verify_jwt.c index eb86589681..2274fe18d8 100644 --- a/test/core/security/verify_jwt.c +++ b/test/core/security/verify_jwt.c @@ -1,6 +1,6 @@ /* * - * Copyright 2015-2016, Google Inc. + * Copyright 2015, Google Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -42,7 +42,7 @@ #include <grpc/support/slice.h> #include <grpc/support/sync.h> -#include "src/core/security/jwt_verifier.h" +#include "src/core/lib/security/jwt_verifier.h" typedef struct { grpc_pollset *pollset; |