diff options
Diffstat (limited to 'test')
-rwxr-xr-x | test/core/httpcli/test_server.py | 28 | ||||
-rw-r--r-- | test/core/security/jwt_verifier_test.c | 62 | ||||
-rw-r--r-- | test/core/security/security_connector_test.c | 57 |
3 files changed, 116 insertions, 31 deletions
diff --git a/test/core/httpcli/test_server.py b/test/core/httpcli/test_server.py index 225c2a6b0f..dbbf5ceb3c 100755 --- a/test/core/httpcli/test_server.py +++ b/test/core/httpcli/test_server.py @@ -1,4 +1,32 @@ #!/usr/bin/env python2.7 +# Copyright 2015, Google Inc. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following disclaimer +# in the documentation and/or other materials provided with the +# distribution. +# * Neither the name of Google Inc. nor the names of its +# contributors may be used to endorse or promote products derived from +# this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. """Server for httpcli_test""" diff --git a/test/core/security/jwt_verifier_test.c b/test/core/security/jwt_verifier_test.c index 9c526a7b5d..d36dda37ed 100644 --- a/test/core/security/jwt_verifier_test.c +++ b/test/core/security/jwt_verifier_test.c @@ -1,35 +1,35 @@ /* -* -*Copyright 2015, Google Inc. -*All rights reserved. -* -*Redistribution and use in source and binary forms, with or without -*modification, are permitted provided that the following conditions are -*met: -* -* * Redistributions of source code must retain the above copyright -*notice, this list of conditions and the following disclaimer. -* * Redistributions in binary form must reproduce the above -*copyright notice, this list of conditions and the following disclaimer -*in the documentation and/or other materials provided with the -*distribution. -* * Neither the name of Google Inc. nor the names of its -*contributors may be used to endorse or promote products derived from -*this software without specific prior written permission. -* -*THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -*"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -*LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -*A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -*OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -*SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -*LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -*DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -*THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -*(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -*OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -* -*/ + * + * Copyright 2015, Google Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following disclaimer + * in the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Google Inc. nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ #include "src/core/security/jwt_verifier.h" diff --git a/test/core/security/security_connector_test.c b/test/core/security/security_connector_test.c index 3f6c592b0b..0dcffa40ce 100644 --- a/test/core/security/security_connector_test.c +++ b/test/core/security/security_connector_test.c @@ -60,8 +60,39 @@ static int check_transport_security_type(const grpc_auth_context *ctx) { return 1; } +static int check_peer_property(const tsi_peer *peer, + const tsi_peer_property *expected) { + size_t i; + for (i = 0; i < peer->property_count; i++) { + const tsi_peer_property *prop = &peer->properties[i]; + if ((strcmp(prop->name, expected->name) == 0) && + (prop->value.length == expected->value.length) && + (memcmp(prop->value.data, expected->value.data, + expected->value.length) == 0)) { + return 1; + } + } + return 0; /* Not found... */ +} + +static int check_ssl_peer_equivalence(const tsi_peer *original, + const tsi_peer *reconstructed) { + /* The reconstructed peer only has CN and SAN properties. */ + size_t i; + for (i = 0; i < original->property_count; i++) { + const tsi_peer_property *prop = &original->properties[i]; + if ((strcmp(prop->name, TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY) == 0) || + (strcmp(prop->name, TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY) == + 0)) { + if (!check_peer_property(reconstructed, prop)) return 0; + } + } + return 1; +} + static void test_unauthenticated_ssl_peer(void) { tsi_peer peer; + tsi_peer rpeer; grpc_auth_context *ctx; GPR_ASSERT(tsi_construct_peer(1, &peer) == TSI_OK); GPR_ASSERT(tsi_construct_string_peer_property_from_cstring( @@ -72,6 +103,10 @@ static void test_unauthenticated_ssl_peer(void) { GPR_ASSERT(!grpc_auth_context_peer_is_authenticated(ctx)); GPR_ASSERT(check_transport_security_type(ctx)); + rpeer = tsi_shallow_peer_from_ssl_auth_context(ctx); + GPR_ASSERT(check_ssl_peer_equivalence(&peer, &rpeer)); + + tsi_shallow_peer_destruct(&rpeer); tsi_peer_destruct(&peer); GRPC_AUTH_CONTEXT_UNREF(ctx, "test"); } @@ -128,6 +163,7 @@ static int check_x509_cn(const grpc_auth_context *ctx, static void test_cn_only_ssl_peer_to_auth_context(void) { tsi_peer peer; + tsi_peer rpeer; grpc_auth_context *ctx; const char *expected_cn = "cn1"; GPR_ASSERT(tsi_construct_peer(2, &peer) == TSI_OK); @@ -144,12 +180,17 @@ static void test_cn_only_ssl_peer_to_auth_context(void) { GPR_ASSERT(check_transport_security_type(ctx)); GPR_ASSERT(check_x509_cn(ctx, expected_cn)); + rpeer = tsi_shallow_peer_from_ssl_auth_context(ctx); + GPR_ASSERT(check_ssl_peer_equivalence(&peer, &rpeer)); + + tsi_shallow_peer_destruct(&rpeer); tsi_peer_destruct(&peer); GRPC_AUTH_CONTEXT_UNREF(ctx, "test"); } static void test_cn_and_one_san_ssl_peer_to_auth_context(void) { tsi_peer peer; + tsi_peer rpeer; grpc_auth_context *ctx; const char *expected_cn = "cn1"; const char *expected_san = "san1"; @@ -171,12 +212,17 @@ static void test_cn_and_one_san_ssl_peer_to_auth_context(void) { GPR_ASSERT(check_transport_security_type(ctx)); GPR_ASSERT(check_x509_cn(ctx, expected_cn)); + rpeer = tsi_shallow_peer_from_ssl_auth_context(ctx); + GPR_ASSERT(check_ssl_peer_equivalence(&peer, &rpeer)); + + tsi_shallow_peer_destruct(&rpeer); tsi_peer_destruct(&peer); GRPC_AUTH_CONTEXT_UNREF(ctx, "test"); } static void test_cn_and_multiple_sans_ssl_peer_to_auth_context(void) { tsi_peer peer; + tsi_peer rpeer; grpc_auth_context *ctx; const char *expected_cn = "cn1"; const char *expected_sans[] = {"san1", "san2", "san3"}; @@ -202,6 +248,10 @@ static void test_cn_and_multiple_sans_ssl_peer_to_auth_context(void) { GPR_ASSERT(check_transport_security_type(ctx)); GPR_ASSERT(check_x509_cn(ctx, expected_cn)); + rpeer = tsi_shallow_peer_from_ssl_auth_context(ctx); + GPR_ASSERT(check_ssl_peer_equivalence(&peer, &rpeer)); + + tsi_shallow_peer_destruct(&rpeer); tsi_peer_destruct(&peer); GRPC_AUTH_CONTEXT_UNREF(ctx, "test"); } @@ -209,6 +259,7 @@ static void test_cn_and_multiple_sans_ssl_peer_to_auth_context(void) { static void test_cn_and_multiple_sans_and_others_ssl_peer_to_auth_context( void) { tsi_peer peer; + tsi_peer rpeer; grpc_auth_context *ctx; const char *expected_cn = "cn1"; const char *expected_sans[] = {"san1", "san2", "san3"}; @@ -238,10 +289,16 @@ static void test_cn_and_multiple_sans_and_others_ssl_peer_to_auth_context( GPR_ASSERT(check_transport_security_type(ctx)); GPR_ASSERT(check_x509_cn(ctx, expected_cn)); + rpeer = tsi_shallow_peer_from_ssl_auth_context(ctx); + GPR_ASSERT(check_ssl_peer_equivalence(&peer, &rpeer)); + + tsi_shallow_peer_destruct(&rpeer); tsi_peer_destruct(&peer); GRPC_AUTH_CONTEXT_UNREF(ctx, "test"); } +/* TODO(jboeuf): Unit-test tsi_shallow_peer_from_auth_context. */ + int main(int argc, char **argv) { grpc_test_init(argc, argv); grpc_init(); |