From ee9d78b960f5c26181c9499412829a95fc972745 Mon Sep 17 00:00:00 2001
From: Julien Boeuf <jboeuf@google.com>
Date: Fri, 18 Dec 2015 09:50:34 -0800
Subject: Unit testing the peer from auth context functionality.

---
 test/core/security/security_connector_test.c | 55 ++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)

(limited to 'test')

diff --git a/test/core/security/security_connector_test.c b/test/core/security/security_connector_test.c
index 2f417f891e..0dcffa40ce 100644
--- a/test/core/security/security_connector_test.c
+++ b/test/core/security/security_connector_test.c
@@ -60,8 +60,39 @@ static int check_transport_security_type(const grpc_auth_context *ctx) {
   return 1;
 }
 
+static int check_peer_property(const tsi_peer *peer,
+                               const tsi_peer_property *expected) {
+  size_t i;
+  for (i = 0; i < peer->property_count; i++) {
+    const tsi_peer_property *prop = &peer->properties[i];
+    if ((strcmp(prop->name, expected->name) == 0) &&
+        (prop->value.length == expected->value.length) &&
+        (memcmp(prop->value.data, expected->value.data,
+                expected->value.length) == 0)) {
+      return 1;
+    }
+  }
+  return 0; /* Not found... */
+}
+
+static int check_ssl_peer_equivalence(const tsi_peer *original,
+                                      const tsi_peer *reconstructed) {
+  /* The reconstructed peer only has CN and SAN properties. */
+  size_t i;
+  for (i = 0; i < original->property_count; i++) {
+    const tsi_peer_property *prop = &original->properties[i];
+    if ((strcmp(prop->name, TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY) == 0) ||
+        (strcmp(prop->name, TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY) ==
+         0)) {
+      if (!check_peer_property(reconstructed, prop)) return 0;
+    }
+  }
+  return 1;
+}
+
 static void test_unauthenticated_ssl_peer(void) {
   tsi_peer peer;
+  tsi_peer rpeer;
   grpc_auth_context *ctx;
   GPR_ASSERT(tsi_construct_peer(1, &peer) == TSI_OK);
   GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
@@ -72,6 +103,10 @@ static void test_unauthenticated_ssl_peer(void) {
   GPR_ASSERT(!grpc_auth_context_peer_is_authenticated(ctx));
   GPR_ASSERT(check_transport_security_type(ctx));
 
+  rpeer = tsi_shallow_peer_from_ssl_auth_context(ctx);
+  GPR_ASSERT(check_ssl_peer_equivalence(&peer, &rpeer));
+
+  tsi_shallow_peer_destruct(&rpeer);
   tsi_peer_destruct(&peer);
   GRPC_AUTH_CONTEXT_UNREF(ctx, "test");
 }
@@ -128,6 +163,7 @@ static int check_x509_cn(const grpc_auth_context *ctx,
 
 static void test_cn_only_ssl_peer_to_auth_context(void) {
   tsi_peer peer;
+  tsi_peer rpeer;
   grpc_auth_context *ctx;
   const char *expected_cn = "cn1";
   GPR_ASSERT(tsi_construct_peer(2, &peer) == TSI_OK);
@@ -144,12 +180,17 @@ static void test_cn_only_ssl_peer_to_auth_context(void) {
   GPR_ASSERT(check_transport_security_type(ctx));
   GPR_ASSERT(check_x509_cn(ctx, expected_cn));
 
+  rpeer = tsi_shallow_peer_from_ssl_auth_context(ctx);
+  GPR_ASSERT(check_ssl_peer_equivalence(&peer, &rpeer));
+
+  tsi_shallow_peer_destruct(&rpeer);
   tsi_peer_destruct(&peer);
   GRPC_AUTH_CONTEXT_UNREF(ctx, "test");
 }
 
 static void test_cn_and_one_san_ssl_peer_to_auth_context(void) {
   tsi_peer peer;
+  tsi_peer rpeer;
   grpc_auth_context *ctx;
   const char *expected_cn = "cn1";
   const char *expected_san = "san1";
@@ -171,12 +212,17 @@ static void test_cn_and_one_san_ssl_peer_to_auth_context(void) {
   GPR_ASSERT(check_transport_security_type(ctx));
   GPR_ASSERT(check_x509_cn(ctx, expected_cn));
 
+  rpeer = tsi_shallow_peer_from_ssl_auth_context(ctx);
+  GPR_ASSERT(check_ssl_peer_equivalence(&peer, &rpeer));
+
+  tsi_shallow_peer_destruct(&rpeer);
   tsi_peer_destruct(&peer);
   GRPC_AUTH_CONTEXT_UNREF(ctx, "test");
 }
 
 static void test_cn_and_multiple_sans_ssl_peer_to_auth_context(void) {
   tsi_peer peer;
+  tsi_peer rpeer;
   grpc_auth_context *ctx;
   const char *expected_cn = "cn1";
   const char *expected_sans[] = {"san1", "san2", "san3"};
@@ -202,6 +248,10 @@ static void test_cn_and_multiple_sans_ssl_peer_to_auth_context(void) {
   GPR_ASSERT(check_transport_security_type(ctx));
   GPR_ASSERT(check_x509_cn(ctx, expected_cn));
 
+  rpeer = tsi_shallow_peer_from_ssl_auth_context(ctx);
+  GPR_ASSERT(check_ssl_peer_equivalence(&peer, &rpeer));
+
+  tsi_shallow_peer_destruct(&rpeer);
   tsi_peer_destruct(&peer);
   GRPC_AUTH_CONTEXT_UNREF(ctx, "test");
 }
@@ -209,6 +259,7 @@ static void test_cn_and_multiple_sans_ssl_peer_to_auth_context(void) {
 static void test_cn_and_multiple_sans_and_others_ssl_peer_to_auth_context(
     void) {
   tsi_peer peer;
+  tsi_peer rpeer;
   grpc_auth_context *ctx;
   const char *expected_cn = "cn1";
   const char *expected_sans[] = {"san1", "san2", "san3"};
@@ -238,6 +289,10 @@ static void test_cn_and_multiple_sans_and_others_ssl_peer_to_auth_context(
   GPR_ASSERT(check_transport_security_type(ctx));
   GPR_ASSERT(check_x509_cn(ctx, expected_cn));
 
+  rpeer = tsi_shallow_peer_from_ssl_auth_context(ctx);
+  GPR_ASSERT(check_ssl_peer_equivalence(&peer, &rpeer));
+
+  tsi_shallow_peer_destruct(&rpeer);
   tsi_peer_destruct(&peer);
   GRPC_AUTH_CONTEXT_UNREF(ctx, "test");
 }
-- 
cgit v1.2.3