/* * * Copyright 2015, Google Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following disclaimer * in the documentation and/or other materials provided with the * distribution. * * Neither the name of Google Inc. nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * */ #include "test/core/end2end/end2end_tests.h" #include #include #include #include #include #include "src/core/lib/channel/channel_args.h" #include "src/core/lib/iomgr/iomgr.h" #include "src/core/lib/security/credentials.h" #include "test/core/end2end/data/ssl_test_data.h" #include "test/core/util/port.h" #include "test/core/util/test_config.h" static const char oauth2_md[] = "Bearer aaslkfjs424535asdf"; static const char *client_identity_property_name = "smurf_name"; static const char *client_identity = "Brainy Smurf"; typedef struct fullstack_secure_fixture_data { char *localaddr; } fullstack_secure_fixture_data; static const grpc_metadata *find_metadata(const grpc_metadata *md, size_t md_count, const char *key, const char *value) { size_t i; for (i = 0; i < md_count; i++) { if (strcmp(key, md[i].key) == 0 && strlen(value) == md[i].value_length && memcmp(md[i].value, value, md[i].value_length) == 0) { return &md[i]; } } return NULL; } typedef struct { size_t pseudo_refcount; } test_processor_state; static void process_oauth2_success(void *state, grpc_auth_context *ctx, const grpc_metadata *md, size_t md_count, grpc_process_auth_metadata_done_cb cb, void *user_data) { const grpc_metadata *oauth2 = find_metadata(md, md_count, "Authorization", oauth2_md); test_processor_state *s; GPR_ASSERT(state != NULL); s = (test_processor_state *)state; GPR_ASSERT(s->pseudo_refcount == 1); GPR_ASSERT(oauth2 != NULL); grpc_auth_context_add_cstring_property(ctx, client_identity_property_name, client_identity); GPR_ASSERT(grpc_auth_context_set_peer_identity_property_name( ctx, client_identity_property_name) == 1); cb(user_data, oauth2, 1, NULL, 0, GRPC_STATUS_OK, NULL); } static void process_oauth2_failure(void *state, grpc_auth_context *ctx, const grpc_metadata *md, size_t md_count, grpc_process_auth_metadata_done_cb cb, void *user_data) { const grpc_metadata *oauth2 = find_metadata(md, md_count, "Authorization", oauth2_md); test_processor_state *s; GPR_ASSERT(state != NULL); s = (test_processor_state *)state; GPR_ASSERT(s->pseudo_refcount == 1); GPR_ASSERT(oauth2 != NULL); cb(user_data, oauth2, 1, NULL, 0, GRPC_STATUS_UNAUTHENTICATED, NULL); } static grpc_end2end_test_fixture chttp2_create_fixture_secure_fullstack( grpc_channel_args *client_args, grpc_channel_args *server_args) { grpc_end2end_test_fixture f; int port = grpc_pick_unused_port_or_die(); fullstack_secure_fixture_data *ffd = gpr_malloc(sizeof(fullstack_secure_fixture_data)); memset(&f, 0, sizeof(f)); gpr_join_host_port(&ffd->localaddr, "localhost", port); f.fixture_data = ffd; f.cq = grpc_completion_queue_create(NULL); return f; } static void chttp2_init_client_secure_fullstack( grpc_end2end_test_fixture *f, grpc_channel_args *client_args, grpc_channel_credentials *creds) { fullstack_secure_fixture_data *ffd = f->fixture_data; f->client = grpc_secure_channel_create(creds, ffd->localaddr, client_args, NULL); GPR_ASSERT(f->client != NULL); grpc_channel_credentials_release(creds); } static void chttp2_init_server_secure_fullstack( grpc_end2end_test_fixture *f, grpc_channel_args *server_args, grpc_server_credentials *server_creds) { fullstack_secure_fixture_data *ffd = f->fixture_data; if (f->server) { grpc_server_destroy(f->server); } f->server = grpc_server_create(server_args, NULL); grpc_server_register_completion_queue(f->server, f->cq, NULL); GPR_ASSERT(grpc_server_add_secure_http2_port(f->server, ffd->localaddr, server_creds)); grpc_server_credentials_release(server_creds); grpc_server_start(f->server); } void chttp2_tear_down_secure_fullstack(grpc_end2end_test_fixture *f) { fullstack_secure_fixture_data *ffd = f->fixture_data; gpr_free(ffd->localaddr); gpr_free(ffd); } static void chttp2_init_client_simple_ssl_with_oauth2_secure_fullstack( grpc_end2end_test_fixture *f, grpc_channel_args *client_args) { grpc_channel_credentials *ssl_creds = grpc_ssl_credentials_create(test_root_cert, NULL, NULL); grpc_call_credentials *oauth2_creds = grpc_md_only_test_credentials_create("Authorization", oauth2_md, 1); grpc_channel_credentials *ssl_oauth2_creds = grpc_composite_channel_credentials_create(ssl_creds, oauth2_creds, NULL); grpc_arg ssl_name_override = {GRPC_ARG_STRING, GRPC_SSL_TARGET_NAME_OVERRIDE_ARG, {"foo.test.google.fr"}}; grpc_channel_args *new_client_args = grpc_channel_args_copy_and_add(client_args, &ssl_name_override, 1); chttp2_init_client_secure_fullstack(f, new_client_args, ssl_oauth2_creds); grpc_channel_args_destroy(new_client_args); grpc_channel_credentials_release(ssl_creds); grpc_call_credentials_release(oauth2_creds); } static int fail_server_auth_check(grpc_channel_args *server_args) { size_t i; if (server_args == NULL) return 0; for (i = 0; i < server_args->num_args; i++) { if (strcmp(server_args->args[i].key, FAIL_AUTH_CHECK_SERVER_ARG_NAME) == 0) { return 1; } } return 0; } static void processor_destroy(void *state) { test_processor_state *s = (test_processor_state *)state; GPR_ASSERT((s->pseudo_refcount--) == 1); gpr_free(s); } static grpc_auth_metadata_processor test_processor_create(int failing) { test_processor_state *s = gpr_malloc(sizeof(*s)); grpc_auth_metadata_processor result; s->pseudo_refcount = 1; result.state = s; result.destroy = processor_destroy; if (failing) { result.process = process_oauth2_failure; } else { result.process = process_oauth2_success; } return result; } static void chttp2_init_server_simple_ssl_secure_fullstack( grpc_end2end_test_fixture *f, grpc_channel_args *server_args) { grpc_ssl_pem_key_cert_pair pem_key_cert_pair = {test_server1_key, test_server1_cert}; grpc_server_credentials *ssl_creds = grpc_ssl_server_credentials_create(NULL, &pem_key_cert_pair, 1, 0, NULL); grpc_server_credentials_set_auth_metadata_processor( ssl_creds, test_processor_create(fail_server_auth_check(server_args))); chttp2_init_server_secure_fullstack(f, server_args, ssl_creds); } /* All test configurations */ static grpc_end2end_test_config configs[] = { {"chttp2/simple_ssl_with_oauth2_fullstack", FEATURE_MASK_SUPPORTS_DELAYED_CONNECTION | FEATURE_MASK_SUPPORTS_PER_CALL_CREDENTIALS, chttp2_create_fixture_secure_fullstack, chttp2_init_client_simple_ssl_with_oauth2_secure_fullstack, chttp2_init_server_simple_ssl_secure_fullstack, chttp2_tear_down_secure_fullstack}, }; int main(int argc, char **argv) { size_t i; grpc_test_init(argc, argv); grpc_init(); for (i = 0; i < sizeof(configs) / sizeof(*configs); i++) { grpc_end2end_tests(argc, argv, configs[i]); } grpc_shutdown(); return 0; }