1 /*
2 *
3 * Copyright 2018 gRPC authors.
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 */
18
19 #include <stdio.h>
20 #include <stdlib.h>
21 #include <string.h>
22
23 #include <grpc/grpc.h>
24 #include <grpc/support/alloc.h>
25 #include <grpc/support/log.h>
26
27 #include "src/core/lib/security/security_connector/alts/alts_security_connector.h"
28 #include "src/core/lib/transport/transport.h"
29 #include "src/core/tsi/alts/handshaker/alts_tsi_handshaker.h"
30 #include "src/core/tsi/transport_security.h"
31
32 using grpc_core::internal::grpc_alts_auth_context_from_tsi_peer;
33
34 /* This file contains unit tests of grpc_alts_auth_context_from_tsi_peer(). */
test_invalid_input_failure()35 static void test_invalid_input_failure() {
36 grpc_core::RefCountedPtr<grpc_auth_context> ctx =
37 grpc_alts_auth_context_from_tsi_peer(nullptr);
38 GPR_ASSERT(ctx == nullptr);
39 }
40
test_empty_certificate_type_failure()41 static void test_empty_certificate_type_failure() {
42 tsi_peer peer;
43 GPR_ASSERT(tsi_construct_peer(0, &peer) == TSI_OK);
44 grpc_core::RefCountedPtr<grpc_auth_context> ctx =
45 grpc_alts_auth_context_from_tsi_peer(&peer);
46 GPR_ASSERT(ctx == nullptr);
47 tsi_peer_destruct(&peer);
48 }
49
test_empty_peer_property_failure()50 static void test_empty_peer_property_failure() {
51 tsi_peer peer;
52 GPR_ASSERT(tsi_construct_peer(1, &peer) == TSI_OK);
53 GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
54 TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_ALTS_CERTIFICATE_TYPE,
55 &peer.properties[0]) == TSI_OK);
56 grpc_core::RefCountedPtr<grpc_auth_context> ctx =
57 grpc_alts_auth_context_from_tsi_peer(&peer);
58 GPR_ASSERT(ctx == nullptr);
59 tsi_peer_destruct(&peer);
60 }
61
test_missing_rpc_protocol_versions_property_failure()62 static void test_missing_rpc_protocol_versions_property_failure() {
63 tsi_peer peer;
64 GPR_ASSERT(tsi_construct_peer(kTsiAltsNumOfPeerProperties, &peer) == TSI_OK);
65 GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
66 TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_ALTS_CERTIFICATE_TYPE,
67 &peer.properties[0]) == TSI_OK);
68 GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
69 TSI_ALTS_SERVICE_ACCOUNT_PEER_PROPERTY, "alice",
70 &peer.properties[1]) == TSI_OK);
71 grpc_core::RefCountedPtr<grpc_auth_context> ctx =
72 grpc_alts_auth_context_from_tsi_peer(&peer);
73 GPR_ASSERT(ctx == nullptr);
74 tsi_peer_destruct(&peer);
75 }
76
test_unknown_peer_property_failure()77 static void test_unknown_peer_property_failure() {
78 tsi_peer peer;
79 GPR_ASSERT(tsi_construct_peer(kTsiAltsNumOfPeerProperties, &peer) == TSI_OK);
80 GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
81 TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_ALTS_CERTIFICATE_TYPE,
82 &peer.properties[0]) == TSI_OK);
83 GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
84 "unknown", "alice", &peer.properties[1]) == TSI_OK);
85 grpc_core::RefCountedPtr<grpc_auth_context> ctx =
86 grpc_alts_auth_context_from_tsi_peer(&peer);
87 GPR_ASSERT(ctx == nullptr);
88 tsi_peer_destruct(&peer);
89 }
90
test_identity(const grpc_auth_context * ctx,const char * expected_property_name,const char * expected_identity)91 static bool test_identity(const grpc_auth_context* ctx,
92 const char* expected_property_name,
93 const char* expected_identity) {
94 grpc_auth_property_iterator it;
95 const grpc_auth_property* prop;
96 GPR_ASSERT(grpc_auth_context_peer_is_authenticated(ctx));
97 it = grpc_auth_context_peer_identity(ctx);
98 prop = grpc_auth_property_iterator_next(&it);
99 GPR_ASSERT(prop != nullptr);
100 if (strcmp(prop->name, expected_property_name) != 0) {
101 gpr_log(GPR_ERROR, "Expected peer identity property name %s and got %s.",
102 expected_property_name, prop->name);
103 return false;
104 }
105 if (strncmp(prop->value, expected_identity, prop->value_length) != 0) {
106 gpr_log(GPR_ERROR, "Expected peer identity %s and got got %s.",
107 expected_identity, prop->value);
108 return false;
109 }
110 return true;
111 }
112
test_alts_peer_to_auth_context_success()113 static void test_alts_peer_to_auth_context_success() {
114 tsi_peer peer;
115 GPR_ASSERT(tsi_construct_peer(kTsiAltsNumOfPeerProperties, &peer) == TSI_OK);
116 GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
117 TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_ALTS_CERTIFICATE_TYPE,
118 &peer.properties[0]) == TSI_OK);
119 GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
120 TSI_ALTS_SERVICE_ACCOUNT_PEER_PROPERTY, "alice",
121 &peer.properties[1]) == TSI_OK);
122 grpc_gcp_rpc_protocol_versions peer_versions;
123 grpc_gcp_rpc_protocol_versions_set_max(&peer_versions,
124 GRPC_PROTOCOL_VERSION_MAX_MAJOR,
125 GRPC_PROTOCOL_VERSION_MAX_MINOR);
126 grpc_gcp_rpc_protocol_versions_set_min(&peer_versions,
127 GRPC_PROTOCOL_VERSION_MIN_MAJOR,
128 GRPC_PROTOCOL_VERSION_MIN_MINOR);
129 grpc_slice serialized_peer_versions;
130 GPR_ASSERT(grpc_gcp_rpc_protocol_versions_encode(&peer_versions,
131 &serialized_peer_versions));
132
133 GPR_ASSERT(tsi_construct_string_peer_property(
134 TSI_ALTS_RPC_VERSIONS,
135 reinterpret_cast<char*>(
136 GRPC_SLICE_START_PTR(serialized_peer_versions)),
137 GRPC_SLICE_LENGTH(serialized_peer_versions),
138 &peer.properties[2]) == TSI_OK);
139 grpc_core::RefCountedPtr<grpc_auth_context> ctx =
140 grpc_alts_auth_context_from_tsi_peer(&peer);
141 GPR_ASSERT(ctx != nullptr);
142 GPR_ASSERT(test_identity(ctx.get(), TSI_ALTS_SERVICE_ACCOUNT_PEER_PROPERTY,
143 "alice"));
144 ctx.reset(DEBUG_LOCATION, "test");
145 grpc_slice_unref(serialized_peer_versions);
146 tsi_peer_destruct(&peer);
147 }
148
main(int argc,char ** argv)149 int main(int argc, char** argv) {
150 /* Test. */
151 test_invalid_input_failure();
152 test_empty_certificate_type_failure();
153 test_empty_peer_property_failure();
154 test_unknown_peer_property_failure();
155 test_missing_rpc_protocol_versions_property_failure();
156 test_alts_peer_to_auth_context_success();
157
158 return 0;
159 }
160