1 // Copyright 2021 gRPC authors.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 #include "src/core/lib/security/authorization/evaluate_args.h"
16
17 #include <gmock/gmock.h>
18 #include <grpc/support/port_platform.h>
19 #include <gtest/gtest.h>
20
21 #include "src/core/lib/address_utils/sockaddr_utils.h"
22 #include "test/core/test_util/evaluate_args_test_util.h"
23 #include "test/core/test_util/test_config.h"
24
25 namespace grpc_core {
26
// Fixture shared by all tests below. gtest constructs a new fixture object per
// test, so each test starts from its own EvaluateArgsTestUtil, adds the
// metadata / endpoint / auth-context inputs it needs, and then builds the
// EvaluateArgs under test from it.
class EvaluateArgsTest : public ::testing::Test {
 protected:
  EvaluateArgsTestUtil util_;
};
31
// With no metadata added, the pseudo-header accessors must come back empty and
// a header lookup must report absence (nullopt) rather than an empty string.
// An authorization rule keyed on a header can then tell "missing" from "blank".
TEST_F(EvaluateArgsTest, EmptyMetadata) {
  EvaluateArgs eval_args = util_.MakeEvaluateArgs();
  EXPECT_THAT(eval_args.GetPath(), ::testing::IsEmpty());
  EXPECT_THAT(eval_args.GetMethod(), ::testing::IsEmpty());
  EXPECT_THAT(eval_args.GetAuthority(), ::testing::IsEmpty());
  // No caller-owned buffer is supplied for this lookup (nullptr).
  EXPECT_EQ(eval_args.GetHeaderValue("some_key", nullptr), absl::nullopt);
}
39
// GetPath() returns the value stored under the ":path" pseudo-header.
TEST_F(EvaluateArgsTest, GetPathSuccess) {
  util_.AddPairToMetadata(":path", "/expected/path");
  EvaluateArgs eval_args = util_.MakeEvaluateArgs();
  EXPECT_EQ(eval_args.GetPath(), "/expected/path");
}
45
// GetAuthority() returns the value stored under the ":authority" pseudo-header.
TEST_F(EvaluateArgsTest, GetAuthoritySuccess) {
  util_.AddPairToMetadata(":authority", "test.google.com");
  EvaluateArgs eval_args = util_.MakeEvaluateArgs();
  EXPECT_EQ(eval_args.GetAuthority(), "test.google.com");
}
51
// GetMethod() returns the value stored under the ":method" pseudo-header.
TEST_F(EvaluateArgsTest, GetMethodSuccess) {
  util_.AddPairToMetadata(":method", "GET");
  EvaluateArgs eval_args = util_.MakeEvaluateArgs();
  EXPECT_EQ(eval_args.GetMethod(), "GET");
}
57
// A regular (non-pseudo) header added to the metadata is returned by
// GetHeaderValue() under the same key.
TEST_F(EvaluateArgsTest, GetHeaderValueSuccess) {
  util_.AddPairToMetadata("key123", "value123");
  EvaluateArgs eval_args = util_.MakeEvaluateArgs();
  // Caller-owned buffer handed to GetHeaderValue(). The returned value is a
  // string_view, so this presumably backs it in some cases and is kept alive
  // for as long as `header` is read -- TODO confirm against evaluate_args.h.
  std::string scratch;
  absl::optional<absl::string_view> header =
      eval_args.GetHeaderValue("key123", &scratch);
  // ASSERT, not EXPECT: dereferencing an empty optional below would be invalid.
  ASSERT_TRUE(header.has_value());
  EXPECT_EQ(*header, "value123");
}
67
// Looking up "host" returns the ":authority" value even though no "host" entry
// was added to the metadata. An authorization rule written against the host
// header is therefore evaluated against ":authority".
// NOTE(review): nothing here covers a request that also carries a literal
// "host" metadata entry; which value is returned in that case matters for
// host-keyed rules and deserves its own test.
TEST_F(EvaluateArgsTest, GetHeaderValueAliasesHost) {
  util_.AddPairToMetadata(":authority", "test.google.com");
  EvaluateArgs eval_args = util_.MakeEvaluateArgs();
  std::string scratch;
  absl::optional<absl::string_view> host =
      eval_args.GetHeaderValue("host", &scratch);
  // ASSERT, not EXPECT: dereferencing an empty optional below would be invalid.
  ASSERT_TRUE(host.has_value());
  EXPECT_EQ(*host, "test.google.com");
}
77
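// The local endpoint set on the util is exposed three ways: as a resolved
// socket address, as an address string, and as a port.
//
// The two address forms differ. The URI built from the resolved address is
// canonical (zero-compressed IPv6, percent-encoded brackets), while
// GetLocalAddressString() is expected to return the uncompressed text exactly
// as it appeared in the endpoint. A policy that compares address strings
// textually has to account for that.
TEST_F(EvaluateArgsTest, TestLocalAddressAndPort) {
  util_.SetLocalEndpoint("ipv6:[2001:0db8:85a3:0000:0000:8a2e:0370:7334]:456");
  EvaluateArgs args = util_.MakeEvaluateArgs();
  grpc_resolved_address local_address = args.GetLocalAddress();
  // Check the conversion before unwrapping it, so a failed conversion is
  // reported as a test failure with its status instead of taking down the
  // whole test binary from inside value().
  auto local_uri = grpc_sockaddr_to_uri(&local_address);
  ASSERT_TRUE(local_uri.ok()) << local_uri.status();
  EXPECT_EQ(*local_uri, "ipv6:%5B2001:db8:85a3::8a2e:370:7334%5D:456");
  EXPECT_EQ(args.GetLocalAddressString(),
            "2001:0db8:85a3:0000:0000:8a2e:0370:7334");
  EXPECT_EQ(args.GetLocalPort(), 456);
}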
88
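// The peer endpoint set on the util is exposed as a resolved socket address,
// an address string, and a port. These are the values a policy sees when it
// matches on the remote address.
TEST_F(EvaluateArgsTest, TestPeerAddressAndPort) {
  util_.SetPeerEndpoint("ipv4:255.255.255.255:123");
  EvaluateArgs args = util_.MakeEvaluateArgs();
  grpc_resolved_address peer_address = args.GetPeerAddress();
  // Check the conversion before unwrapping it, so a failed conversion is
  // reported as a test failure with its status instead of taking down the
  // whole test binary from inside value().
  auto peer_uri = grpc_sockaddr_to_uri(&peer_address);
  ASSERT_TRUE(peer_uri.ok()) << peer_uri.status();
  EXPECT_EQ(*peer_uri, "ipv4:255.255.255.255:123");
  EXPECT_EQ(args.GetPeerAddressString(), "255.255.255.255");
  EXPECT_EQ(args.GetPeerPort(), 123);
}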
98
// With no auth-context properties added, every identity accessor returns an
// empty value. An unauthenticated connection exposes no identity attribute
// for a policy to match on.
TEST_F(EvaluateArgsTest, EmptyAuthContext) {
  EvaluateArgs eval_args = util_.MakeEvaluateArgs();
  EXPECT_TRUE(eval_args.GetTransportSecurityType().empty());
  EXPECT_TRUE(eval_args.GetSpiffeId().empty());
  EXPECT_TRUE(eval_args.GetUriSans().empty());
  EXPECT_TRUE(eval_args.GetDnsSans().empty());
  EXPECT_TRUE(eval_args.GetSubject().empty());
  EXPECT_TRUE(eval_args.GetCommonName().empty());
}
108
// A single transport-security-type property is returned verbatim.
TEST_F(EvaluateArgsTest, GetTransportSecurityTypeSuccessOneProperty) {
  util_.AddPropertyToAuthContext(GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME,
                                 "ssl");
  EvaluateArgs eval_args = util_.MakeEvaluateArgs();
  EXPECT_EQ(eval_args.GetTransportSecurityType(), "ssl");
}
115
// Two values for the transport-security-type property are ambiguous. The
// accessor is expected to return empty rather than pick one of them, so a
// policy cannot match on either candidate.
TEST_F(EvaluateArgsTest, GetTransportSecurityTypeFailDuplicateProperty) {
  util_.AddPropertyToAuthContext(GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME,
                                 "type1");
  util_.AddPropertyToAuthContext(GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME,
                                 "type2");
  EvaluateArgs eval_args = util_.MakeEvaluateArgs();
  EXPECT_TRUE(eval_args.GetTransportSecurityType().empty());
}
124
// A single SPIFFE ID property is returned verbatim.
TEST_F(EvaluateArgsTest, GetSpiffeIdSuccessOneProperty) {
  util_.AddPropertyToAuthContext(GRPC_PEER_SPIFFE_ID_PROPERTY_NAME, "id123");
  EvaluateArgs eval_args = util_.MakeEvaluateArgs();
  EXPECT_EQ(eval_args.GetSpiffeId(), "id123");
}
130
// Two SPIFFE ID properties mean the peer identity is ambiguous. The accessor
// is expected to return empty instead of the first or last value, so neither
// candidate identity can satisfy a principal match.
TEST_F(EvaluateArgsTest, GetSpiffeIdFailDuplicateProperty) {
  util_.AddPropertyToAuthContext(GRPC_PEER_SPIFFE_ID_PROPERTY_NAME, "id123");
  util_.AddPropertyToAuthContext(GRPC_PEER_SPIFFE_ID_PROPERTY_NAME, "id456");
  EvaluateArgs eval_args = util_.MakeEvaluateArgs();
  EXPECT_TRUE(eval_args.GetSpiffeId().empty());
}
137
// URI SANs are multi-valued. Unlike the single-valued identity properties,
// repeated entries are all returned, in the order they were added.
TEST_F(EvaluateArgsTest, GetUriSanSuccessMultipleProperties) {
  util_.AddPropertyToAuthContext(GRPC_PEER_URI_PROPERTY_NAME, "foo");
  util_.AddPropertyToAuthContext(GRPC_PEER_URI_PROPERTY_NAME, "bar");
  EvaluateArgs eval_args = util_.MakeEvaluateArgs();
  EXPECT_THAT(eval_args.GetUriSans(), ::testing::ElementsAre("foo", "bar"));
}
144
// DNS SANs are multi-valued. Repeated entries are all returned, in the order
// they were added.
TEST_F(EvaluateArgsTest, GetDnsSanSuccessMultipleProperties) {
  util_.AddPropertyToAuthContext(GRPC_PEER_DNS_PROPERTY_NAME, "foo");
  util_.AddPropertyToAuthContext(GRPC_PEER_DNS_PROPERTY_NAME, "bar");
  EvaluateArgs eval_args = util_.MakeEvaluateArgs();
  EXPECT_THAT(eval_args.GetDnsSans(), ::testing::ElementsAre("foo", "bar"));
}
151
// A single X.509 common-name property is returned verbatim.
TEST_F(EvaluateArgsTest, GetCommonNameSuccessOneProperty) {
  util_.AddPropertyToAuthContext(GRPC_X509_CN_PROPERTY_NAME, "server123");
  EvaluateArgs eval_args = util_.MakeEvaluateArgs();
  EXPECT_EQ(eval_args.GetCommonName(), "server123");
}
157
// Two common-name properties are ambiguous. The accessor is expected to return
// empty rather than choose one, so neither name can satisfy a match.
TEST_F(EvaluateArgsTest, GetCommonNameFailDuplicateProperty) {
  util_.AddPropertyToAuthContext(GRPC_X509_CN_PROPERTY_NAME, "server123");
  util_.AddPropertyToAuthContext(GRPC_X509_CN_PROPERTY_NAME, "server456");
  EvaluateArgs eval_args = util_.MakeEvaluateArgs();
  EXPECT_TRUE(eval_args.GetCommonName().empty());
}
164
// A single X.509 subject property is returned verbatim.
TEST_F(EvaluateArgsTest, GetSubjectSuccessOneProperty) {
  util_.AddPropertyToAuthContext(GRPC_X509_SUBJECT_PROPERTY_NAME,
                                 "CN=abc,OU=Google");
  EvaluateArgs eval_args = util_.MakeEvaluateArgs();
  EXPECT_EQ(eval_args.GetSubject(), "CN=abc,OU=Google");
}
171
// Two subject properties are ambiguous. The accessor is expected to return
// empty rather than choose one, so neither subject can satisfy a match.
TEST_F(EvaluateArgsTest, GetSubjectFailDuplicateProperty) {
  util_.AddPropertyToAuthContext(GRPC_X509_SUBJECT_PROPERTY_NAME,
                                 "CN=abc,OU=Google");
  util_.AddPropertyToAuthContext(GRPC_X509_SUBJECT_PROPERTY_NAME,
                                 "CN=def,OU=Google");
  EvaluateArgs eval_args = util_.MakeEvaluateArgs();
  EXPECT_TRUE(eval_args.GetSubject().empty());
}
180
181 } // namespace grpc_core
182
// Test entry point. Sets up the gRPC test environment and gtest, then runs
// every registered test between grpc_init() and grpc_shutdown().
int main(int argc, char** argv) {
  grpc::testing::TestEnvironment env(&argc, argv);
  ::testing::InitGoogleTest(&argc, argv);
  grpc_init();
  // Keep the gtest result so shutdown still runs before the process exits
  // with it.
  const int test_result = RUN_ALL_TESTS();
  grpc_shutdown();
  return test_result;
}
191