diff options
Diffstat (limited to 'test')
| -rw-r--r-- | test/core/security/fetch_oauth2.c | 23 | ||||
| -rw-r--r-- | test/core/security/print_google_default_creds_token.c | 23 | ||||
| -rw-r--r-- | test/core/security/security_connector_test.c | 257 | ||||
| -rw-r--r-- | test/cpp/qps/report.cc | 16 | ||||
| -rw-r--r-- | test/cpp/qps/report.h | 24 |
5 files changed, 297 insertions, 46 deletions
diff --git a/test/core/security/fetch_oauth2.c b/test/core/security/fetch_oauth2.c index 3202df3328..767f724b62 100644 --- a/test/core/security/fetch_oauth2.c +++ b/test/core/security/fetch_oauth2.c @@ -46,8 +46,7 @@ #include "src/core/support/file.h" typedef struct { - gpr_cv cv; - gpr_mu mu; + grpc_pollset pollset; int is_done; } synchronizer; @@ -69,10 +68,10 @@ static void on_oauth2_response(void *user_data, printf("Got token: %s.\n", token); gpr_free(token); } - gpr_mu_lock(&sync->mu); + gpr_mu_lock(GRPC_POLLSET_MU(&sync->pollset)); sync->is_done = 1; - gpr_mu_unlock(&sync->mu); - gpr_cv_signal(&sync->cv); + grpc_pollset_kick(&sync->pollset); + gpr_mu_unlock(GRPC_POLLSET_MU(&sync->pollset)); } static grpc_credentials *create_service_account_creds( @@ -176,18 +175,16 @@ int main(int argc, char **argv) { } GPR_ASSERT(creds != NULL); - gpr_mu_init(&sync.mu); - gpr_cv_init(&sync.cv); + grpc_pollset_init(&sync.pollset); sync.is_done = 0; - grpc_credentials_get_request_metadata(creds, "", on_oauth2_response, &sync); + grpc_credentials_get_request_metadata(creds, &sync.pollset, "", on_oauth2_response, &sync); - gpr_mu_lock(&sync.mu); - while (!sync.is_done) gpr_cv_wait(&sync.cv, &sync.mu, gpr_inf_future); - gpr_mu_unlock(&sync.mu); + gpr_mu_lock(GRPC_POLLSET_MU(&sync.pollset)); + while (!sync.is_done) grpc_pollset_work(&sync.pollset, gpr_inf_future); + gpr_mu_unlock(GRPC_POLLSET_MU(&sync.pollset)); - gpr_mu_destroy(&sync.mu); - gpr_cv_destroy(&sync.cv); + grpc_pollset_destroy(&sync.pollset); grpc_credentials_release(creds); gpr_cmdline_destroy(cl); grpc_shutdown(); diff --git a/test/core/security/print_google_default_creds_token.c b/test/core/security/print_google_default_creds_token.c index 051e8607c4..a0da5b2d93 100644 --- a/test/core/security/print_google_default_creds_token.c +++ b/test/core/security/print_google_default_creds_token.c @@ -44,8 +44,7 @@ #include <grpc/support/sync.h> typedef struct { - gpr_cv cv; - gpr_mu mu; + grpc_pollset pollset; int is_done; } synchronizer; @@ -61,10 +60,10 @@ static void on_metadata_response(void *user_data, printf("\nGot token: %s\n\n", (const char *)GPR_SLICE_START_PTR(md_elems[0].value)); } - gpr_mu_lock(&sync->mu); + gpr_mu_lock(GRPC_POLLSET_MU(&sync->pollset)); sync->is_done = 1; - gpr_mu_unlock(&sync->mu); - gpr_cv_signal(&sync->cv); + grpc_pollset_kick(&sync->pollset); + gpr_mu_unlock(GRPC_POLLSET_MU(&sync->pollset)); } int main(int argc, char **argv) { @@ -86,18 +85,16 @@ int main(int argc, char **argv) { goto end; } - gpr_mu_init(&sync.mu); - gpr_cv_init(&sync.cv); + grpc_pollset_init(&sync.pollset); sync.is_done = 0; - grpc_credentials_get_request_metadata(creds, "", on_metadata_response, &sync); + grpc_credentials_get_request_metadata(creds, &sync.pollset, "", on_metadata_response, &sync); - gpr_mu_lock(&sync.mu); - while (!sync.is_done) gpr_cv_wait(&sync.cv, &sync.mu, gpr_inf_future); - gpr_mu_unlock(&sync.mu); + gpr_mu_lock(GRPC_POLLSET_MU(&sync.pollset)); + while (!sync.is_done) grpc_pollset_work(&sync.pollset, gpr_inf_future); + gpr_mu_unlock(GRPC_POLLSET_MU(&sync.pollset)); - gpr_mu_destroy(&sync.mu); - gpr_cv_destroy(&sync.cv); + grpc_pollset_destroy(&sync.pollset); grpc_credentials_release(creds); end: diff --git a/test/core/security/security_connector_test.c b/test/core/security/security_connector_test.c new file mode 100644 index 0000000000..4ad8beb727 --- /dev/null +++ b/test/core/security/security_connector_test.c @@ -0,0 +1,257 @@ +/* + * + * Copyright 2015, Google Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following disclaimer + * in the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Google Inc. nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include <stdio.h> +#include <string.h> + +#include "src/core/security/security_connector.h" +#include "src/core/security/security_context.h" +#include "src/core/tsi/ssl_transport_security.h" +#include "src/core/tsi/transport_security.h" +#include "test/core/util/test_config.h" + +#include <grpc/grpc_security.h> + +#include <grpc/support/alloc.h> +#include <grpc/support/log.h> +#include <grpc/support/useful.h> + +static int check_transport_security_type(const grpc_auth_context *ctx) { + grpc_auth_property_iterator it = grpc_auth_context_find_properties_by_name( + ctx, GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME); + const grpc_auth_property *prop = grpc_auth_property_iterator_next(&it); + if (prop == NULL) return 0; + if (strncmp(prop->value, GRPC_SSL_TRANSPORT_SECURITY_TYPE, + prop->value_length) != 0) { + return 0; + } + /* Check that we have only one property with this name. */ + if (grpc_auth_property_iterator_next(&it) != NULL) return 0; + return 1; +} + +static void test_unauthenticated_ssl_peer(void) { + tsi_peer peer; + grpc_auth_context *ctx; + GPR_ASSERT(tsi_construct_peer(1, &peer) == TSI_OK); + GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( + TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_X509_CERTIFICATE_TYPE, + &peer.properties[0]) == TSI_OK); + ctx = tsi_ssl_peer_to_auth_context(&peer); + GPR_ASSERT(ctx != NULL); + GPR_ASSERT(!grpc_auth_context_peer_is_authenticated(ctx)); + GPR_ASSERT(check_transport_security_type(ctx)); + + tsi_peer_destruct(&peer); + grpc_auth_context_unref(ctx); +} + +static int check_identity(const grpc_auth_context *ctx, + const char *expected_property_name, + const char **expected_identities, + size_t num_identities) { + grpc_auth_property_iterator it; + const grpc_auth_property *prop; + size_t i; + GPR_ASSERT(grpc_auth_context_peer_is_authenticated(ctx)); + it = grpc_auth_context_peer_identity(ctx); + for (i = 0; i < num_identities; i++) { + prop = grpc_auth_property_iterator_next(&it); + if (prop == NULL) { + gpr_log(GPR_ERROR, "Expected identity value %s not found.", + expected_identities[i]); + return 0; + } + if (strcmp(prop->name, expected_property_name) != 0) { + gpr_log(GPR_ERROR, "Expected peer identity property name %s and got %s.", + expected_property_name, prop->name); + return 0; + } + if (strncmp(prop->value, expected_identities[i], prop->value_length) != 0) { + gpr_log(GPR_ERROR, "Expected peer identity %s and got %s.", + expected_identities[i], prop->value); + return 0; + } + } + return 1; +} + +static int check_x509_cn(const grpc_auth_context *ctx, + const char *expected_cn) { + grpc_auth_property_iterator it = grpc_auth_context_find_properties_by_name( + ctx, GRPC_X509_CN_PROPERTY_NAME); + const grpc_auth_property *prop = grpc_auth_property_iterator_next(&it); + if (prop == NULL) { + gpr_log(GPR_ERROR, "CN property not found."); + return 0; + } + if (strncmp(prop->value, expected_cn, prop->value_length) != 0) { + gpr_log(GPR_ERROR, "Expected CN %s and got %s", expected_cn, prop->value); + return 0; + } + if (grpc_auth_property_iterator_next(&it) != NULL) { + gpr_log(GPR_ERROR, "Expected only one property for CN."); + return 0; + } + return 1; +} + +static void test_cn_only_ssl_peer_to_auth_context(void) { + tsi_peer peer; + grpc_auth_context *ctx; + const char *expected_cn = "cn1"; + GPR_ASSERT(tsi_construct_peer(2, &peer) == TSI_OK); + GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( + TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_X509_CERTIFICATE_TYPE, + &peer.properties[0]) == TSI_OK); + GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( + TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY, expected_cn, + &peer.properties[1]) == TSI_OK); + ctx = tsi_ssl_peer_to_auth_context(&peer); + GPR_ASSERT(ctx != NULL); + GPR_ASSERT(grpc_auth_context_peer_is_authenticated(ctx)); + GPR_ASSERT(check_identity(ctx, GRPC_X509_CN_PROPERTY_NAME, &expected_cn, 1)); + GPR_ASSERT(check_transport_security_type(ctx)); + GPR_ASSERT(check_x509_cn(ctx, expected_cn)); + + tsi_peer_destruct(&peer); + grpc_auth_context_unref(ctx); +} + +static void test_cn_and_one_san_ssl_peer_to_auth_context(void) { + tsi_peer peer; + grpc_auth_context *ctx; + const char *expected_cn = "cn1"; + const char *expected_san = "san1"; + GPR_ASSERT(tsi_construct_peer(3, &peer) == TSI_OK); + GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( + TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_X509_CERTIFICATE_TYPE, + &peer.properties[0]) == TSI_OK); + GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( + TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY, expected_cn, + &peer.properties[1]) == TSI_OK); + GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( + TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY, expected_san, + &peer.properties[2]) == TSI_OK); + ctx = tsi_ssl_peer_to_auth_context(&peer); + GPR_ASSERT(ctx != NULL); + GPR_ASSERT(grpc_auth_context_peer_is_authenticated(ctx)); + GPR_ASSERT(check_identity(ctx, GRPC_X509_SAN_PROPERTY_NAME, &expected_san, 1)); + GPR_ASSERT(check_transport_security_type(ctx)); + GPR_ASSERT(check_x509_cn(ctx, expected_cn)); + + tsi_peer_destruct(&peer); + grpc_auth_context_unref(ctx); +} + +static void test_cn_and_multiple_sans_ssl_peer_to_auth_context(void) { + tsi_peer peer; + grpc_auth_context *ctx; + const char *expected_cn = "cn1"; + const char *expected_sans[] = {"san1", "san2", "san3"}; + size_t i; + GPR_ASSERT(tsi_construct_peer(2 + GPR_ARRAY_SIZE(expected_sans), &peer) == + TSI_OK); + GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( + TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_X509_CERTIFICATE_TYPE, + &peer.properties[0]) == TSI_OK); + GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( + TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY, expected_cn, + &peer.properties[1]) == TSI_OK); + for (i = 0; i < GPR_ARRAY_SIZE(expected_sans); i++) { + GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( + TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY, + expected_sans[i], &peer.properties[2 + i]) == TSI_OK); + } + ctx = tsi_ssl_peer_to_auth_context(&peer); + GPR_ASSERT(ctx != NULL); + GPR_ASSERT(grpc_auth_context_peer_is_authenticated(ctx)); + GPR_ASSERT(check_identity(ctx, GRPC_X509_SAN_PROPERTY_NAME, expected_sans, + GPR_ARRAY_SIZE(expected_sans))); + GPR_ASSERT(check_transport_security_type(ctx)); + GPR_ASSERT(check_x509_cn(ctx, expected_cn)); + + tsi_peer_destruct(&peer); + grpc_auth_context_unref(ctx); +} + +static void test_cn_and_multiple_sans_and_others_ssl_peer_to_auth_context( + void) { + tsi_peer peer; + grpc_auth_context *ctx; + const char *expected_cn = "cn1"; + const char *expected_sans[] = {"san1", "san2", "san3"}; + size_t i; + GPR_ASSERT(tsi_construct_peer(4 + GPR_ARRAY_SIZE(expected_sans), &peer) == + TSI_OK); + GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( + TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_X509_CERTIFICATE_TYPE, + &peer.properties[0]) == TSI_OK); + GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( + "foo", "bar", &peer.properties[1]) == TSI_OK); + GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( + TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY, expected_cn, + &peer.properties[2]) == TSI_OK); + GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( + "chapi", "chapo", &peer.properties[3]) == TSI_OK); + for (i = 0; i < GPR_ARRAY_SIZE(expected_sans); i++) { + GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( + TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY, + expected_sans[i], &peer.properties[4 + i]) == TSI_OK); + } + ctx = tsi_ssl_peer_to_auth_context(&peer); + GPR_ASSERT(ctx != NULL); + GPR_ASSERT(grpc_auth_context_peer_is_authenticated(ctx)); + GPR_ASSERT(check_identity(ctx, GRPC_X509_SAN_PROPERTY_NAME, expected_sans, + GPR_ARRAY_SIZE(expected_sans))); + GPR_ASSERT(check_transport_security_type(ctx)); + GPR_ASSERT(check_x509_cn(ctx, expected_cn)); + + tsi_peer_destruct(&peer); + grpc_auth_context_unref(ctx); + +} + +int main(int argc, char **argv) { + grpc_test_init(argc, argv); + grpc_init(); + + test_unauthenticated_ssl_peer(); + test_cn_only_ssl_peer_to_auth_context(); + test_cn_and_one_san_ssl_peer_to_auth_context(); + test_cn_and_multiple_sans_ssl_peer_to_auth_context(); + test_cn_and_multiple_sans_and_others_ssl_peer_to_auth_context(); + + grpc_shutdown(); + return 0; +} diff --git a/test/cpp/qps/report.cc b/test/cpp/qps/report.cc index 678ea080d1..94aacdbd1c 100644 --- a/test/cpp/qps/report.cc +++ b/test/cpp/qps/report.cc @@ -43,39 +43,39 @@ void CompositeReporter::add(std::unique_ptr<Reporter> reporter) { reporters_.emplace_back(std::move(reporter)); } -void CompositeReporter::ReportQPS(const ScenarioResult& result) const { +void CompositeReporter::ReportQPS(const ScenarioResult& result) { for (size_t i = 0; i < reporters_.size(); ++i) { reporters_[i]->ReportQPS(result); } } -void CompositeReporter::ReportQPSPerCore(const ScenarioResult& result) const { +void CompositeReporter::ReportQPSPerCore(const ScenarioResult& result) { for (size_t i = 0; i < reporters_.size(); ++i) { reporters_[i]->ReportQPSPerCore(result); } } -void CompositeReporter::ReportLatency(const ScenarioResult& result) const { +void CompositeReporter::ReportLatency(const ScenarioResult& result) { for (size_t i = 0; i < reporters_.size(); ++i) { reporters_[i]->ReportLatency(result); } } -void CompositeReporter::ReportTimes(const ScenarioResult& result) const { +void CompositeReporter::ReportTimes(const ScenarioResult& result) { for (size_t i = 0; i < reporters_.size(); ++i) { reporters_[i]->ReportTimes(result); } } -void GprLogReporter::ReportQPS(const ScenarioResult& result) const { +void GprLogReporter::ReportQPS(const ScenarioResult& result) { gpr_log(GPR_INFO, "QPS: %.1f", result.latencies.Count() / average(result.client_resources, [](ResourceUsage u) { return u.wall_time; })); } -void GprLogReporter::ReportQPSPerCore(const ScenarioResult& result) const { +void GprLogReporter::ReportQPSPerCore(const ScenarioResult& result) { auto qps = result.latencies.Count() / average(result.client_resources, @@ -85,7 +85,7 @@ void GprLogReporter::ReportQPSPerCore(const ScenarioResult& result) const { qps / result.server_config.threads()); } -void GprLogReporter::ReportLatency(const ScenarioResult& result) const { +void GprLogReporter::ReportLatency(const ScenarioResult& result) { gpr_log(GPR_INFO, "Latencies (50/90/95/99/99.9%%-ile): %.1f/%.1f/%.1f/%.1f/%.1f us", result.latencies.Percentile(50) / 1000, @@ -95,7 +95,7 @@ void GprLogReporter::ReportLatency(const ScenarioResult& result) const { result.latencies.Percentile(99.9) / 1000); } -void GprLogReporter::ReportTimes(const ScenarioResult& result) const { +void GprLogReporter::ReportTimes(const ScenarioResult& result) { gpr_log(GPR_INFO, "Server system time: %.2f%%", 100.0 * sum(result.server_resources, [](ResourceUsage u) { return u.system_time; }) / diff --git a/test/cpp/qps/report.h b/test/cpp/qps/report.h index 0cce08816a..b1cf83fc23 100644 --- a/test/cpp/qps/report.h +++ b/test/cpp/qps/report.h @@ -59,16 +59,16 @@ class Reporter { string name() const { return name_; } /** Reports QPS for the given \a result. */ - virtual void ReportQPS(const ScenarioResult& result) const = 0; + virtual void ReportQPS(const ScenarioResult& result) = 0; /** Reports QPS per core as (YYY/server core). */ - virtual void ReportQPSPerCore(const ScenarioResult& result) const = 0; + virtual void ReportQPSPerCore(const ScenarioResult& result) = 0; /** Reports latencies for the 50, 90, 95, 99 and 99.9 percentiles, in ms. */ - virtual void ReportLatency(const ScenarioResult& result) const = 0; + virtual void ReportLatency(const ScenarioResult& result) = 0; /** Reports system and user time for client and server systems. */ - virtual void ReportTimes(const ScenarioResult& result) const = 0; + virtual void ReportTimes(const ScenarioResult& result) = 0; private: const string name_; @@ -82,10 +82,10 @@ class CompositeReporter : public Reporter { /** Adds a \a reporter to the composite. */ void add(std::unique_ptr<Reporter> reporter); - void ReportQPS(const ScenarioResult& result) const GRPC_OVERRIDE; - void ReportQPSPerCore(const ScenarioResult& result) const GRPC_OVERRIDE; - void ReportLatency(const ScenarioResult& result) const GRPC_OVERRIDE; - void ReportTimes(const ScenarioResult& result) const GRPC_OVERRIDE; + void ReportQPS(const ScenarioResult& result) GRPC_OVERRIDE; + void ReportQPSPerCore(const ScenarioResult& result) GRPC_OVERRIDE; + void ReportLatency(const ScenarioResult& result) GRPC_OVERRIDE; + void ReportTimes(const ScenarioResult& result) GRPC_OVERRIDE; private: std::vector<std::unique_ptr<Reporter> > reporters_; @@ -97,10 +97,10 @@ class GprLogReporter : public Reporter { GprLogReporter(const string& name) : Reporter(name) {} private: - void ReportQPS(const ScenarioResult& result) const GRPC_OVERRIDE; - void ReportQPSPerCore(const ScenarioResult& result) const GRPC_OVERRIDE; - void ReportLatency(const ScenarioResult& result) const GRPC_OVERRIDE; - void ReportTimes(const ScenarioResult& result) const GRPC_OVERRIDE; + void ReportQPS(const ScenarioResult& result) GRPC_OVERRIDE; + void ReportQPSPerCore(const ScenarioResult& result) GRPC_OVERRIDE; + void ReportLatency(const ScenarioResult& result) GRPC_OVERRIDE; + void ReportTimes(const ScenarioResult& result) GRPC_OVERRIDE; }; } // namespace testing |