• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 //
2 //
3 // Copyright 2018 gRPC authors.
4 //
5 // Licensed under the Apache License, Version 2.0 (the "License");
6 // you may not use this file except in compliance with the License.
7 // You may obtain a copy of the License at
8 //
9 //     http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
16 //
17 //
18 
19 #include "src/core/lib/security/security_connector/alts/alts_security_connector.h"
20 
21 #include <grpc/grpc.h>
22 #include <grpc/support/alloc.h>
23 #include <gtest/gtest.h>
24 #include <stdio.h>
25 #include <stdlib.h>
26 #include <string.h>
27 
28 #include "absl/log/log.h"
29 #include "src/core/lib/security/context/security_context.h"
30 #include "src/core/lib/transport/transport.h"
31 #include "src/core/tsi/alts/handshaker/alts_tsi_handshaker.h"
32 #include "src/core/tsi/transport_security.h"
33 #include "src/core/util/crash.h"
34 
35 using grpc_core::internal::grpc_alts_auth_context_from_tsi_peer;
36 
37 // This file contains unit tests of grpc_alts_auth_context_from_tsi_peer().
TEST(AltsSecurityConnectorTest,InvalidInputFailure)38 TEST(AltsSecurityConnectorTest, InvalidInputFailure) {
39   grpc_core::RefCountedPtr<grpc_auth_context> ctx =
40       grpc_alts_auth_context_from_tsi_peer(nullptr);
41   ASSERT_EQ(ctx, nullptr);
42 }
43 
TEST(AltsSecurityConnectorTest,EmptyCertificateTypeFailure)44 TEST(AltsSecurityConnectorTest, EmptyCertificateTypeFailure) {
45   tsi_peer peer;
46   ASSERT_EQ(tsi_construct_peer(0, &peer), TSI_OK);
47   grpc_core::RefCountedPtr<grpc_auth_context> ctx =
48       grpc_alts_auth_context_from_tsi_peer(&peer);
49   ASSERT_EQ(ctx, nullptr);
50   tsi_peer_destruct(&peer);
51 }
52 
TEST(AltsSecurityConnectorTest,EmptyPeerPropertyFailure)53 TEST(AltsSecurityConnectorTest, EmptyPeerPropertyFailure) {
54   tsi_peer peer;
55   ASSERT_EQ(tsi_construct_peer(1, &peer), TSI_OK);
56   ASSERT_EQ(tsi_construct_string_peer_property_from_cstring(
57                 TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_ALTS_CERTIFICATE_TYPE,
58                 &peer.properties[0]),
59             TSI_OK);
60   grpc_core::RefCountedPtr<grpc_auth_context> ctx =
61       grpc_alts_auth_context_from_tsi_peer(&peer);
62   ASSERT_EQ(ctx, nullptr);
63   tsi_peer_destruct(&peer);
64 }
65 
TEST(AltsSecurityConnectorTest,MissingRpcProtocolVersionsPropertyFailure)66 TEST(AltsSecurityConnectorTest, MissingRpcProtocolVersionsPropertyFailure) {
67   tsi_peer peer;
68   ASSERT_EQ(tsi_construct_peer(kTsiAltsNumOfPeerProperties, &peer), TSI_OK);
69   ASSERT_EQ(tsi_construct_string_peer_property_from_cstring(
70                 TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_ALTS_CERTIFICATE_TYPE,
71                 &peer.properties[0]),
72             TSI_OK);
73   ASSERT_EQ(
74       tsi_construct_string_peer_property_from_cstring(
75           TSI_ALTS_SERVICE_ACCOUNT_PEER_PROPERTY, "alice", &peer.properties[1]),
76       TSI_OK);
77   grpc_core::RefCountedPtr<grpc_auth_context> ctx =
78       grpc_alts_auth_context_from_tsi_peer(&peer);
79   ASSERT_EQ(ctx, nullptr);
80   tsi_peer_destruct(&peer);
81 }
82 
TEST(AltsSecurityConnectorTest,MissingSecurityLevelPropertyFailure)83 TEST(AltsSecurityConnectorTest, MissingSecurityLevelPropertyFailure) {
84   tsi_peer peer;
85   ASSERT_EQ(tsi_construct_peer(kTsiAltsNumOfPeerProperties, &peer), TSI_OK);
86   ASSERT_EQ(tsi_construct_string_peer_property_from_cstring(
87                 TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_ALTS_CERTIFICATE_TYPE,
88                 &peer.properties[0]),
89             TSI_OK);
90   ASSERT_EQ(
91       tsi_construct_string_peer_property_from_cstring(
92           TSI_ALTS_SERVICE_ACCOUNT_PEER_PROPERTY, "alice", &peer.properties[1]),
93       TSI_OK);
94   grpc_gcp_rpc_protocol_versions peer_versions;
95   grpc_gcp_rpc_protocol_versions_set_max(&peer_versions,
96                                          GRPC_PROTOCOL_VERSION_MAX_MAJOR,
97                                          GRPC_PROTOCOL_VERSION_MAX_MINOR);
98   grpc_gcp_rpc_protocol_versions_set_min(&peer_versions,
99                                          GRPC_PROTOCOL_VERSION_MIN_MAJOR,
100                                          GRPC_PROTOCOL_VERSION_MIN_MINOR);
101   grpc_slice serialized_peer_versions;
102   ASSERT_TRUE(grpc_gcp_rpc_protocol_versions_encode(&peer_versions,
103                                                     &serialized_peer_versions));
104 
105   ASSERT_EQ(
106       tsi_construct_string_peer_property(
107           TSI_ALTS_RPC_VERSIONS,
108           reinterpret_cast<char*>(
109               GRPC_SLICE_START_PTR(serialized_peer_versions)),
110           GRPC_SLICE_LENGTH(serialized_peer_versions), &peer.properties[2]),
111       TSI_OK);
112   grpc_core::RefCountedPtr<grpc_auth_context> ctx =
113       grpc_alts_auth_context_from_tsi_peer(&peer);
114   ASSERT_EQ(ctx, nullptr);
115   grpc_slice_unref(serialized_peer_versions);
116   tsi_peer_destruct(&peer);
117 }
118 
TEST(AltsSecurityConnectorTest,UnknownPeerPropertyFailure)119 TEST(AltsSecurityConnectorTest, UnknownPeerPropertyFailure) {
120   tsi_peer peer;
121   ASSERT_EQ(tsi_construct_peer(kTsiAltsNumOfPeerProperties, &peer), TSI_OK);
122   ASSERT_EQ(tsi_construct_string_peer_property_from_cstring(
123                 TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_ALTS_CERTIFICATE_TYPE,
124                 &peer.properties[0]),
125             TSI_OK);
126   ASSERT_EQ(tsi_construct_string_peer_property_from_cstring(
127                 "unknown", "alice", &peer.properties[1]),
128             TSI_OK);
129   grpc_core::RefCountedPtr<grpc_auth_context> ctx =
130       grpc_alts_auth_context_from_tsi_peer(&peer);
131   ASSERT_EQ(ctx, nullptr);
132   tsi_peer_destruct(&peer);
133 }
134 
test_identity(const grpc_auth_context * ctx,const char * expected_property_name,const char * expected_identity)135 static bool test_identity(const grpc_auth_context* ctx,
136                           const char* expected_property_name,
137                           const char* expected_identity) {
138   grpc_auth_property_iterator it;
139   const grpc_auth_property* prop;
140   EXPECT_TRUE(grpc_auth_context_peer_is_authenticated(ctx));
141   it = grpc_auth_context_peer_identity(ctx);
142   prop = grpc_auth_property_iterator_next(&it);
143   EXPECT_NE(prop, nullptr);
144   if (strcmp(prop->name, expected_property_name) != 0) {
145     LOG(ERROR) << "Expected peer identity property name "
146                << expected_property_name << " and got " << prop->name;
147     return false;
148   }
149   if (strncmp(prop->value, expected_identity, prop->value_length) != 0) {
150     LOG(ERROR) << "Expected peer identity " << expected_identity << " and got "
151                << prop->value;
152     return false;
153   }
154   return true;
155 }
156 
TEST(AltsSecurityConnectorTest,AltsPeerToAuthContextSuccess)157 TEST(AltsSecurityConnectorTest, AltsPeerToAuthContextSuccess) {
158   tsi_peer peer;
159   ASSERT_EQ(tsi_construct_peer(kTsiAltsNumOfPeerProperties, &peer), TSI_OK);
160   ASSERT_EQ(tsi_construct_string_peer_property_from_cstring(
161                 TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_ALTS_CERTIFICATE_TYPE,
162                 &peer.properties[0]),
163             TSI_OK);
164   ASSERT_EQ(
165       tsi_construct_string_peer_property_from_cstring(
166           TSI_ALTS_SERVICE_ACCOUNT_PEER_PROPERTY, "alice", &peer.properties[1]),
167       TSI_OK);
168   grpc_gcp_rpc_protocol_versions peer_versions;
169   grpc_gcp_rpc_protocol_versions_set_max(&peer_versions,
170                                          GRPC_PROTOCOL_VERSION_MAX_MAJOR,
171                                          GRPC_PROTOCOL_VERSION_MAX_MINOR);
172   grpc_gcp_rpc_protocol_versions_set_min(&peer_versions,
173                                          GRPC_PROTOCOL_VERSION_MIN_MAJOR,
174                                          GRPC_PROTOCOL_VERSION_MIN_MINOR);
175   grpc_slice serialized_peer_versions;
176   ASSERT_TRUE(grpc_gcp_rpc_protocol_versions_encode(&peer_versions,
177                                                     &serialized_peer_versions));
178   ASSERT_EQ(
179       tsi_construct_string_peer_property(
180           TSI_ALTS_RPC_VERSIONS,
181           reinterpret_cast<char*>(
182               GRPC_SLICE_START_PTR(serialized_peer_versions)),
183           GRPC_SLICE_LENGTH(serialized_peer_versions), &peer.properties[2]),
184       TSI_OK);
185   ASSERT_EQ(tsi_construct_string_peer_property_from_cstring(
186                 TSI_SECURITY_LEVEL_PEER_PROPERTY,
187                 tsi_security_level_to_string(TSI_PRIVACY_AND_INTEGRITY),
188                 &peer.properties[3]),
189             TSI_OK);
190   char test_ctx[] = "test serialized context";
191   grpc_slice serialized_alts_ctx = grpc_slice_from_copied_string(test_ctx);
192   ASSERT_EQ(
193       tsi_construct_string_peer_property(
194           TSI_ALTS_CONTEXT,
195           reinterpret_cast<char*>(GRPC_SLICE_START_PTR(serialized_alts_ctx)),
196           GRPC_SLICE_LENGTH(serialized_alts_ctx), &peer.properties[4]),
197       TSI_OK);
198   grpc_core::RefCountedPtr<grpc_auth_context> ctx =
199       grpc_alts_auth_context_from_tsi_peer(&peer);
200   ASSERT_NE(ctx, nullptr);
201   ASSERT_TRUE(test_identity(ctx.get(), TSI_ALTS_SERVICE_ACCOUNT_PEER_PROPERTY,
202                             "alice"));
203   ctx.reset(DEBUG_LOCATION, "test");
204   grpc_slice_unref(serialized_peer_versions);
205   grpc_slice_unref(serialized_alts_ctx);
206   tsi_peer_destruct(&peer);
207 }
208 
main(int argc,char ** argv)209 int main(int argc, char** argv) {
210   ::testing::InitGoogleTest(&argc, argv);
211   return RUN_ALL_TESTS();
212 }
213