• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  *
3  * Copyright 2018 gRPC authors.
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  *     http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 #include <stdio.h>
20 #include <stdlib.h>
21 #include <string.h>
22 
23 #include <grpc/grpc.h>
24 #include <grpc/support/alloc.h>
25 #include <grpc/support/log.h>
26 
27 #include "src/core/lib/security/security_connector/alts/alts_security_connector.h"
28 #include "src/core/lib/transport/transport.h"
29 #include "src/core/tsi/alts/handshaker/alts_tsi_handshaker.h"
30 #include "src/core/tsi/transport_security.h"
31 
32 using grpc_core::internal::grpc_alts_auth_context_from_tsi_peer;
33 
34 /* This file contains unit tests of grpc_alts_auth_context_from_tsi_peer(). */
test_invalid_input_failure()35 static void test_invalid_input_failure() {
36   grpc_core::RefCountedPtr<grpc_auth_context> ctx =
37       grpc_alts_auth_context_from_tsi_peer(nullptr);
38   GPR_ASSERT(ctx == nullptr);
39 }
40 
test_empty_certificate_type_failure()41 static void test_empty_certificate_type_failure() {
42   tsi_peer peer;
43   GPR_ASSERT(tsi_construct_peer(0, &peer) == TSI_OK);
44   grpc_core::RefCountedPtr<grpc_auth_context> ctx =
45       grpc_alts_auth_context_from_tsi_peer(&peer);
46   GPR_ASSERT(ctx == nullptr);
47   tsi_peer_destruct(&peer);
48 }
49 
test_empty_peer_property_failure()50 static void test_empty_peer_property_failure() {
51   tsi_peer peer;
52   GPR_ASSERT(tsi_construct_peer(1, &peer) == TSI_OK);
53   GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
54                  TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_ALTS_CERTIFICATE_TYPE,
55                  &peer.properties[0]) == TSI_OK);
56   grpc_core::RefCountedPtr<grpc_auth_context> ctx =
57       grpc_alts_auth_context_from_tsi_peer(&peer);
58   GPR_ASSERT(ctx == nullptr);
59   tsi_peer_destruct(&peer);
60 }
61 
test_missing_rpc_protocol_versions_property_failure()62 static void test_missing_rpc_protocol_versions_property_failure() {
63   tsi_peer peer;
64   GPR_ASSERT(tsi_construct_peer(kTsiAltsNumOfPeerProperties, &peer) == TSI_OK);
65   GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
66                  TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_ALTS_CERTIFICATE_TYPE,
67                  &peer.properties[0]) == TSI_OK);
68   GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
69                  TSI_ALTS_SERVICE_ACCOUNT_PEER_PROPERTY, "alice",
70                  &peer.properties[1]) == TSI_OK);
71   grpc_core::RefCountedPtr<grpc_auth_context> ctx =
72       grpc_alts_auth_context_from_tsi_peer(&peer);
73   GPR_ASSERT(ctx == nullptr);
74   tsi_peer_destruct(&peer);
75 }
76 
test_missing_security_level_property_failure()77 static void test_missing_security_level_property_failure() {
78   tsi_peer peer;
79   GPR_ASSERT(tsi_construct_peer(kTsiAltsNumOfPeerProperties, &peer) == TSI_OK);
80   GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
81                  TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_ALTS_CERTIFICATE_TYPE,
82                  &peer.properties[0]) == TSI_OK);
83   GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
84                  TSI_ALTS_SERVICE_ACCOUNT_PEER_PROPERTY, "alice",
85                  &peer.properties[1]) == TSI_OK);
86   grpc_gcp_rpc_protocol_versions peer_versions;
87   grpc_gcp_rpc_protocol_versions_set_max(&peer_versions,
88                                          GRPC_PROTOCOL_VERSION_MAX_MAJOR,
89                                          GRPC_PROTOCOL_VERSION_MAX_MINOR);
90   grpc_gcp_rpc_protocol_versions_set_min(&peer_versions,
91                                          GRPC_PROTOCOL_VERSION_MIN_MAJOR,
92                                          GRPC_PROTOCOL_VERSION_MIN_MINOR);
93   grpc_slice serialized_peer_versions;
94   GPR_ASSERT(grpc_gcp_rpc_protocol_versions_encode(&peer_versions,
95                                                    &serialized_peer_versions));
96 
97   GPR_ASSERT(tsi_construct_string_peer_property(
98                  TSI_ALTS_RPC_VERSIONS,
99                  reinterpret_cast<char*>(
100                      GRPC_SLICE_START_PTR(serialized_peer_versions)),
101                  GRPC_SLICE_LENGTH(serialized_peer_versions),
102                  &peer.properties[2]) == TSI_OK);
103   grpc_core::RefCountedPtr<grpc_auth_context> ctx =
104       grpc_alts_auth_context_from_tsi_peer(&peer);
105   GPR_ASSERT(ctx == nullptr);
106   grpc_slice_unref(serialized_peer_versions);
107   tsi_peer_destruct(&peer);
108 }
109 
test_unknown_peer_property_failure()110 static void test_unknown_peer_property_failure() {
111   tsi_peer peer;
112   GPR_ASSERT(tsi_construct_peer(kTsiAltsNumOfPeerProperties, &peer) == TSI_OK);
113   GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
114                  TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_ALTS_CERTIFICATE_TYPE,
115                  &peer.properties[0]) == TSI_OK);
116   GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
117                  "unknown", "alice", &peer.properties[1]) == TSI_OK);
118   grpc_core::RefCountedPtr<grpc_auth_context> ctx =
119       grpc_alts_auth_context_from_tsi_peer(&peer);
120   GPR_ASSERT(ctx == nullptr);
121   tsi_peer_destruct(&peer);
122 }
123 
test_identity(const grpc_auth_context * ctx,const char * expected_property_name,const char * expected_identity)124 static bool test_identity(const grpc_auth_context* ctx,
125                           const char* expected_property_name,
126                           const char* expected_identity) {
127   grpc_auth_property_iterator it;
128   const grpc_auth_property* prop;
129   GPR_ASSERT(grpc_auth_context_peer_is_authenticated(ctx));
130   it = grpc_auth_context_peer_identity(ctx);
131   prop = grpc_auth_property_iterator_next(&it);
132   GPR_ASSERT(prop != nullptr);
133   if (strcmp(prop->name, expected_property_name) != 0) {
134     gpr_log(GPR_ERROR, "Expected peer identity property name %s and got %s.",
135             expected_property_name, prop->name);
136     return false;
137   }
138   if (strncmp(prop->value, expected_identity, prop->value_length) != 0) {
139     gpr_log(GPR_ERROR, "Expected peer identity %s and got got %s.",
140             expected_identity, prop->value);
141     return false;
142   }
143   return true;
144 }
145 
test_alts_peer_to_auth_context_success()146 static void test_alts_peer_to_auth_context_success() {
147   tsi_peer peer;
148   GPR_ASSERT(tsi_construct_peer(kTsiAltsNumOfPeerProperties, &peer) == TSI_OK);
149   GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
150                  TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_ALTS_CERTIFICATE_TYPE,
151                  &peer.properties[0]) == TSI_OK);
152   GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
153                  TSI_ALTS_SERVICE_ACCOUNT_PEER_PROPERTY, "alice",
154                  &peer.properties[1]) == TSI_OK);
155   grpc_gcp_rpc_protocol_versions peer_versions;
156   grpc_gcp_rpc_protocol_versions_set_max(&peer_versions,
157                                          GRPC_PROTOCOL_VERSION_MAX_MAJOR,
158                                          GRPC_PROTOCOL_VERSION_MAX_MINOR);
159   grpc_gcp_rpc_protocol_versions_set_min(&peer_versions,
160                                          GRPC_PROTOCOL_VERSION_MIN_MAJOR,
161                                          GRPC_PROTOCOL_VERSION_MIN_MINOR);
162   grpc_slice serialized_peer_versions;
163   GPR_ASSERT(grpc_gcp_rpc_protocol_versions_encode(&peer_versions,
164                                                    &serialized_peer_versions));
165   GPR_ASSERT(tsi_construct_string_peer_property(
166                  TSI_ALTS_RPC_VERSIONS,
167                  reinterpret_cast<char*>(
168                      GRPC_SLICE_START_PTR(serialized_peer_versions)),
169                  GRPC_SLICE_LENGTH(serialized_peer_versions),
170                  &peer.properties[2]) == TSI_OK);
171   GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
172                  TSI_SECURITY_LEVEL_PEER_PROPERTY,
173                  tsi_security_level_to_string(TSI_PRIVACY_AND_INTEGRITY),
174                  &peer.properties[3]) == TSI_OK);
175   char test_ctx[] = "test serialized context";
176   grpc_slice serialized_alts_ctx = grpc_slice_from_copied_string(test_ctx);
177   GPR_ASSERT(
178       tsi_construct_string_peer_property(
179           TSI_ALTS_CONTEXT,
180           reinterpret_cast<char*>(GRPC_SLICE_START_PTR(serialized_alts_ctx)),
181           GRPC_SLICE_LENGTH(serialized_alts_ctx),
182           &peer.properties[4]) == TSI_OK);
183   grpc_core::RefCountedPtr<grpc_auth_context> ctx =
184       grpc_alts_auth_context_from_tsi_peer(&peer);
185   GPR_ASSERT(ctx != nullptr);
186   GPR_ASSERT(test_identity(ctx.get(), TSI_ALTS_SERVICE_ACCOUNT_PEER_PROPERTY,
187                            "alice"));
188   ctx.reset(DEBUG_LOCATION, "test");
189   grpc_slice_unref(serialized_peer_versions);
190   grpc_slice_unref(serialized_alts_ctx);
191   tsi_peer_destruct(&peer);
192 }
193 
main(int,char **)194 int main(int /*argc*/, char** /*argv*/) {
195   /* Test. */
196   test_invalid_input_failure();
197   test_empty_certificate_type_failure();
198   test_empty_peer_property_failure();
199   test_unknown_peer_property_failure();
200   test_missing_rpc_protocol_versions_property_failure();
201   test_missing_security_level_property_failure();
202   test_alts_peer_to_auth_context_success();
203 
204   return 0;
205 }
206