1 // Copyright 2020 gRPC authors.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 #include <grpc/support/port_platform.h>
16
17 #include <gmock/gmock.h>
18 #include <gtest/gtest.h>
19
20 #include "absl/strings/string_view.h"
21
22 #include "src/core/lib/security/authorization/evaluate_args.h"
23 #include "test/core/util/eval_args_mock_endpoint.h"
24 #include "test/core/util/test_config.h"
25
26 namespace grpc_core {
27
28 class EvaluateArgsTest : public ::testing::Test {
29 protected:
SetUp()30 void SetUp() override {
31 local_address_ = "255.255.255.255";
32 peer_address_ = "128.128.128.128";
33 local_port_ = 413;
34 peer_port_ = 314;
35 endpoint_ = CreateEvalArgsMockEndpoint(local_address_.c_str(), local_port_,
36 peer_address_.c_str(), peer_port_);
37 evaluate_args_ =
38 absl::make_unique<EvaluateArgs>(nullptr, nullptr, endpoint_);
39 }
TearDown()40 void TearDown() override { grpc_endpoint_destroy(endpoint_); }
41 grpc_endpoint* endpoint_;
42 std::unique_ptr<EvaluateArgs> evaluate_args_;
43 std::string local_address_;
44 std::string peer_address_;
45 int local_port_;
46 int peer_port_;
47 };
48
TEST_F(EvaluateArgsTest,TestEvaluateArgsLocalAddress)49 TEST_F(EvaluateArgsTest, TestEvaluateArgsLocalAddress) {
50 absl::string_view src_address = evaluate_args_->GetLocalAddress();
51 EXPECT_EQ(src_address, local_address_);
52 }
53
TEST_F(EvaluateArgsTest,TestEvaluateArgsLocalPort)54 TEST_F(EvaluateArgsTest, TestEvaluateArgsLocalPort) {
55 int src_port = evaluate_args_->GetLocalPort();
56 EXPECT_EQ(src_port, local_port_);
57 }
58
TEST_F(EvaluateArgsTest,TestEvaluateArgsPeerAddress)59 TEST_F(EvaluateArgsTest, TestEvaluateArgsPeerAddress) {
60 absl::string_view dest_address = evaluate_args_->GetPeerAddress();
61 EXPECT_EQ(dest_address, peer_address_);
62 }
63
TEST_F(EvaluateArgsTest,TestEvaluateArgsPeerPort)64 TEST_F(EvaluateArgsTest, TestEvaluateArgsPeerPort) {
65 int dest_port = evaluate_args_->GetPeerPort();
66 EXPECT_EQ(dest_port, peer_port_);
67 }
68
TEST(EvaluateArgsMetadataTest,HandlesNullMetadata)69 TEST(EvaluateArgsMetadataTest, HandlesNullMetadata) {
70 EvaluateArgs eval_args(nullptr, nullptr, nullptr);
71 EXPECT_EQ(eval_args.GetPath(), nullptr);
72 EXPECT_EQ(eval_args.GetMethod(), nullptr);
73 EXPECT_EQ(eval_args.GetHost(), nullptr);
74 EXPECT_THAT(eval_args.GetHeaders(), ::testing::ElementsAre());
75 }
76
TEST(EvaluateArgsMetadataTest,HandlesEmptyMetadata)77 TEST(EvaluateArgsMetadataTest, HandlesEmptyMetadata) {
78 grpc_metadata_batch metadata;
79 grpc_metadata_batch_init(&metadata);
80 EvaluateArgs eval_args(&metadata, nullptr, nullptr);
81 EXPECT_EQ(eval_args.GetPath(), nullptr);
82 EXPECT_EQ(eval_args.GetMethod(), nullptr);
83 EXPECT_EQ(eval_args.GetHost(), nullptr);
84 EXPECT_THAT(eval_args.GetHeaders(), ::testing::ElementsAre());
85 grpc_metadata_batch_destroy(&metadata);
86 }
87
TEST(EvaluateArgsMetadataTest,GetPathSuccess)88 TEST(EvaluateArgsMetadataTest, GetPathSuccess) {
89 grpc_init();
90 const char* kPath = "/some/path";
91 grpc_metadata_batch metadata;
92 grpc_metadata_batch_init(&metadata);
93 grpc_slice fake_val = grpc_slice_intern(grpc_slice_from_static_string(kPath));
94 grpc_mdelem fake_val_md = grpc_mdelem_from_slices(GRPC_MDSTR_PATH, fake_val);
95 grpc_linked_mdelem storage;
96 storage.md = fake_val_md;
97 ASSERT_EQ(grpc_metadata_batch_link_head(&metadata, &storage),
98 GRPC_ERROR_NONE);
99 EvaluateArgs eval_args(&metadata, nullptr, nullptr);
100 EXPECT_EQ(eval_args.GetPath(), kPath);
101 grpc_metadata_batch_destroy(&metadata);
102 grpc_shutdown();
103 }
104
TEST(EvaluateArgsMetadataTest,GetHostSuccess)105 TEST(EvaluateArgsMetadataTest, GetHostSuccess) {
106 grpc_init();
107 const char* kHost = "host";
108 grpc_metadata_batch metadata;
109 grpc_metadata_batch_init(&metadata);
110 grpc_slice fake_val = grpc_slice_intern(grpc_slice_from_static_string(kHost));
111 grpc_mdelem fake_val_md = grpc_mdelem_from_slices(GRPC_MDSTR_HOST, fake_val);
112 grpc_linked_mdelem storage;
113 storage.md = fake_val_md;
114 ASSERT_EQ(grpc_metadata_batch_link_head(&metadata, &storage),
115 GRPC_ERROR_NONE);
116 EvaluateArgs eval_args(&metadata, nullptr, nullptr);
117 EXPECT_EQ(eval_args.GetHost(), kHost);
118 grpc_metadata_batch_destroy(&metadata);
119 grpc_shutdown();
120 }
121
TEST(EvaluateArgsMetadataTest,GetMethodSuccess)122 TEST(EvaluateArgsMetadataTest, GetMethodSuccess) {
123 grpc_init();
124 const char* kMethod = "GET";
125 grpc_metadata_batch metadata;
126 grpc_metadata_batch_init(&metadata);
127 grpc_slice fake_val =
128 grpc_slice_intern(grpc_slice_from_static_string(kMethod));
129 grpc_mdelem fake_val_md =
130 grpc_mdelem_from_slices(GRPC_MDSTR_METHOD, fake_val);
131 grpc_linked_mdelem storage;
132 storage.md = fake_val_md;
133 ASSERT_EQ(grpc_metadata_batch_link_head(&metadata, &storage),
134 GRPC_ERROR_NONE);
135 EvaluateArgs eval_args(&metadata, nullptr, nullptr);
136 EXPECT_EQ(eval_args.GetMethod(), kMethod);
137 grpc_metadata_batch_destroy(&metadata);
138 grpc_shutdown();
139 }
140
TEST(EvaluateArgsMetadataTest,GetHeadersSuccess)141 TEST(EvaluateArgsMetadataTest, GetHeadersSuccess) {
142 grpc_init();
143 const char* kPath = "/some/path";
144 const char* kHost = "host";
145 grpc_metadata_batch metadata;
146 grpc_metadata_batch_init(&metadata);
147 grpc_slice fake_path =
148 grpc_slice_intern(grpc_slice_from_static_string(kPath));
149 grpc_mdelem fake_path_md =
150 grpc_mdelem_from_slices(GRPC_MDSTR_PATH, fake_path);
151 grpc_linked_mdelem storage;
152 storage.md = fake_path_md;
153 ASSERT_EQ(grpc_metadata_batch_link_head(&metadata, &storage, GRPC_BATCH_PATH),
154 GRPC_ERROR_NONE);
155 grpc_slice fake_host =
156 grpc_slice_intern(grpc_slice_from_static_string(kHost));
157 grpc_mdelem fake_host_md =
158 grpc_mdelem_from_slices(GRPC_MDSTR_HOST, fake_host);
159 grpc_linked_mdelem storage2;
160 storage2.md = fake_host_md;
161 ASSERT_EQ(
162 grpc_metadata_batch_link_tail(&metadata, &storage2, GRPC_BATCH_HOST),
163 GRPC_ERROR_NONE);
164 EvaluateArgs eval_args(&metadata, nullptr, nullptr);
165 EXPECT_THAT(
166 eval_args.GetHeaders(),
167 ::testing::UnorderedElementsAre(
168 ::testing::Pair(StringViewFromSlice(GRPC_MDSTR_HOST), kHost),
169 ::testing::Pair(StringViewFromSlice(GRPC_MDSTR_PATH), kPath)));
170 grpc_metadata_batch_destroy(&metadata);
171 grpc_shutdown();
172 }
173
TEST(EvaluateArgsAuthContextTest,HandlesNullAuthContext)174 TEST(EvaluateArgsAuthContextTest, HandlesNullAuthContext) {
175 EvaluateArgs eval_args(nullptr, nullptr, nullptr);
176 EXPECT_EQ(eval_args.GetSpiffeId(), nullptr);
177 EXPECT_EQ(eval_args.GetCertServerName(), nullptr);
178 }
179
TEST(EvaluateArgsAuthContextTest,HandlesEmptyAuthCtx)180 TEST(EvaluateArgsAuthContextTest, HandlesEmptyAuthCtx) {
181 grpc_auth_context auth_context(nullptr);
182 EvaluateArgs eval_args(nullptr, &auth_context, nullptr);
183 EXPECT_EQ(eval_args.GetSpiffeId(), nullptr);
184 EXPECT_EQ(eval_args.GetCertServerName(), nullptr);
185 }
186
TEST(EvaluateArgsAuthContextTest,GetSpiffeIdSuccessOneProperty)187 TEST(EvaluateArgsAuthContextTest, GetSpiffeIdSuccessOneProperty) {
188 grpc_auth_context auth_context(nullptr);
189 const char* kId = "spiffeid";
190 auth_context.add_cstring_property(GRPC_PEER_SPIFFE_ID_PROPERTY_NAME, kId);
191 EvaluateArgs eval_args(nullptr, &auth_context, nullptr);
192 EXPECT_EQ(eval_args.GetSpiffeId(), kId);
193 }
194
TEST(EvaluateArgsAuthContextTest,GetSpiffeIdFailDuplicateProperty)195 TEST(EvaluateArgsAuthContextTest, GetSpiffeIdFailDuplicateProperty) {
196 grpc_auth_context auth_context(nullptr);
197 auth_context.add_cstring_property(GRPC_PEER_SPIFFE_ID_PROPERTY_NAME, "id1");
198 auth_context.add_cstring_property(GRPC_PEER_SPIFFE_ID_PROPERTY_NAME, "id2");
199 EvaluateArgs eval_args(nullptr, &auth_context, nullptr);
200 EXPECT_EQ(eval_args.GetSpiffeId(), nullptr);
201 }
202
TEST(EvaluateArgsAuthContextTest,GetCertServerNameSuccessOneProperty)203 TEST(EvaluateArgsAuthContextTest, GetCertServerNameSuccessOneProperty) {
204 grpc_auth_context auth_context(nullptr);
205 const char* kServer = "server";
206 auth_context.add_cstring_property(GRPC_X509_CN_PROPERTY_NAME, kServer);
207 EvaluateArgs eval_args(nullptr, &auth_context, nullptr);
208 EXPECT_EQ(eval_args.GetCertServerName(), kServer);
209 }
210
TEST(EvaluateArgsAuthContextTest,GetCertServerNameFailDuplicateProperty)211 TEST(EvaluateArgsAuthContextTest, GetCertServerNameFailDuplicateProperty) {
212 grpc_auth_context auth_context(nullptr);
213 auth_context.add_cstring_property(GRPC_X509_CN_PROPERTY_NAME, "server1");
214 auth_context.add_cstring_property(GRPC_X509_CN_PROPERTY_NAME, "server2");
215 EvaluateArgs eval_args(nullptr, &auth_context, nullptr);
216 EXPECT_EQ(eval_args.GetCertServerName(), nullptr);
217 }
218
219 } // namespace grpc_core
220
main(int argc,char ** argv)221 int main(int argc, char** argv) {
222 grpc::testing::TestEnvironment env(argc, argv);
223 ::testing::InitGoogleTest(&argc, argv);
224 return RUN_ALL_TESTS();
225 }
226