Inicio Explorar Axuda
Iniciar sesión
lenn
/
grpc1.45.2
1
0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Rama: master
Ramas Etiquetas
grpc1.45.2
/
test
/
cpp
/
security
/
tls_certificate_verifier_test.cc

tls_certificate_verifier_test.cc 6.2 KB
Permalink Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161 
  1. //
    2. 

  2. // Copyright 2021 gRPC authors.
    3. 

  3. //
    4. 

  4. // Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5. // you may not use this file except in compliance with the License.
    6. 

  6. // You may obtain a copy of the License at
    7. 

  7. //
    8. 

  8. //     http://www.apache.org/licenses/LICENSE-2.0
    9. 

  9. //
    10. 

  10. // Unless required by applicable law or agreed to in writing, software
    11. 

  11. // distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12. // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13. // See the License for the specific language governing permissions and
    14. 

  14. // limitations under the License.
    15. 

  15. //
    16. 

  16. 

  17. #include <memory>
    18. 

  18. 

  19. #include <gmock/gmock.h>
    20. 

  20. #include <gtest/gtest.h>
    21. 

  21. 

  22. #include <grpc/grpc.h>
    23. 

  23. #include <grpc/grpc_security.h>
    24. 

  24. #include <grpcpp/security/server_credentials.h>
    25. 

  25. #include <grpcpp/security/tls_credentials_options.h>
    26. 

  26. 

  27. #include "src/cpp/client/secure_credentials.h"
    28. 

  28. #include "test/core/util/port.h"
    29. 

  29. #include "test/core/util/test_config.h"
    30. 

  30. #include "test/cpp/util/tls_test_utils.h"
    31. 

  31. 

  32. namespace {
    33. 

  33. 

  34. using ::grpc::experimental::ExternalCertificateVerifier;
    35. 

  35. using ::grpc::experimental::HostNameCertificateVerifier;
    36. 

  36. using ::grpc::experimental::TlsCustomVerificationCheckRequest;
    37. 

  37. 

  38. }  // namespace
    39. 

  39. 

  40. namespace grpc {
    41. 

  41. namespace testing {
    42. 

  42. namespace {
    43. 

  43. 

  44. TEST(TlsCertificateVerifierTest, SyncCertificateVerifierSucceeds) {
    45. 

  45.   grpc_tls_custom_verification_check_request request;
    46. 

  46.   auto verifier =
    47. 

  47.       ExternalCertificateVerifier::Create<SyncCertificateVerifier>(true);
    48. 

  48.   TlsCustomVerificationCheckRequest cpp_request(&request);
    49. 

  49.   grpc::Status sync_status;
    50. 

  50.   verifier->Verify(&cpp_request, nullptr, &sync_status);
    51. 

  51.   EXPECT_TRUE(sync_status.ok())
    52. 

  52.       << sync_status.error_code() << " " << sync_status.error_message();
    53. 

  53. }
    54. 

  54. 

  55. TEST(TlsCertificateVerifierTest, SyncCertificateVerifierFails) {
    56. 

  56.   grpc_tls_custom_verification_check_request request;
    57. 

  57.   auto verifier =
    58. 

  58.       ExternalCertificateVerifier::Create<SyncCertificateVerifier>(false);
    59. 

  59.   TlsCustomVerificationCheckRequest cpp_request(&request);
    60. 

  60.   grpc::Status sync_status;
    61. 

  61.   verifier->Verify(&cpp_request, nullptr, &sync_status);
    62. 

  62.   EXPECT_EQ(sync_status.error_code(), grpc::StatusCode::UNAUTHENTICATED);
    63. 

  63.   EXPECT_EQ(sync_status.error_message(), "SyncCertificateVerifier failed");
    64. 

  64. }
    65. 

  65. 

  66. TEST(TlsCertificateVerifierTest, AsyncCertificateVerifierSucceeds) {
    67. 

  67.   grpc_tls_custom_verification_check_request request;
    68. 

  68.   auto verifier =
    69. 

  69.       ExternalCertificateVerifier::Create<AsyncCertificateVerifier>(true);
    70. 

  70.   TlsCustomVerificationCheckRequest cpp_request(&request);
    71. 

  71.   std::function<void(grpc::Status)> callback = [](grpc::Status async_status) {
    72. 

  72.     EXPECT_TRUE(async_status.ok())
    73. 

  73.         << async_status.error_code() << " " << async_status.error_message();
    74. 

  74.   };
    75. 

  75.   grpc::Status sync_status;
    76. 

  76.   EXPECT_FALSE(verifier->Verify(&cpp_request, callback, &sync_status));
    77. 

  77. }
    78. 

  78. 

  79. TEST(TlsCertificateVerifierTest, AsyncCertificateVerifierFails) {
    80. 

  80.   grpc_tls_custom_verification_check_request request;
    81. 

  81.   auto verifier =
    82. 

  82.       ExternalCertificateVerifier::Create<AsyncCertificateVerifier>(false);
    83. 

  83.   TlsCustomVerificationCheckRequest cpp_request(&request);
    84. 

  84.   std::function<void(grpc::Status)> callback = [](grpc::Status async_status) {
    85. 

  85.     EXPECT_EQ(async_status.error_code(), grpc::StatusCode::UNAUTHENTICATED);
    86. 

  86.     EXPECT_EQ(async_status.error_message(), "AsyncCertificateVerifier failed");
    87. 

  87.   };
    88. 

  88.   grpc::Status sync_status;
    89. 

  89.   EXPECT_FALSE(verifier->Verify(&cpp_request, callback, &sync_status));
    90. 

  90. }
    91. 

  91. 

  92. TEST(TlsCertificateVerifierTest, HostNameCertificateVerifierSucceeds) {
    93. 

  93.   grpc_tls_custom_verification_check_request request;
    94. 

  94.   memset(&request, 0, sizeof(request));
    95. 

  95.   request.target_name = "foo.bar.com";
    96. 

  96.   request.peer_info.common_name = "foo.bar.com";
    97. 

  97.   auto verifier = std::make_shared<HostNameCertificateVerifier>();
    98. 

  98.   TlsCustomVerificationCheckRequest cpp_request(&request);
    99. 

  99.   grpc::Status sync_status;
    100. 

  100.   verifier->Verify(&cpp_request, nullptr, &sync_status);
    101. 

  101.   EXPECT_TRUE(sync_status.ok())
    102. 

  102.       << sync_status.error_code() << " " << sync_status.error_message();
    103. 

  103. }
    104. 

  104. 

  105. TEST(TlsCertificateVerifierTest, HostNameCertificateVerifierFails) {
    106. 

  106.   grpc_tls_custom_verification_check_request request;
    107. 

  107.   memset(&request, 0, sizeof(request));
    108. 

  108.   request.target_name = "foo.bar.com";
    109. 

  109.   request.peer_info.common_name = "foo.baz.com";
    110. 

  110.   auto verifier = std::make_shared<HostNameCertificateVerifier>();
    111. 

  111.   TlsCustomVerificationCheckRequest cpp_request(&request);
    112. 

  112.   grpc::Status sync_status;
    113. 

  113.   verifier->Verify(&cpp_request, nullptr, &sync_status);
    114. 

  114.   EXPECT_EQ(sync_status.error_code(), grpc::StatusCode::UNAUTHENTICATED);
    115. 

  115.   EXPECT_EQ(sync_status.error_message(), "Hostname Verification Check failed.");
    116. 

  116. }
    117. 

  117. 

  118. TEST(TlsCertificateVerifierTest,
    119. 

  119.      HostNameCertificateVerifierSucceedsMultipleFields) {
    120. 

  120.   grpc_tls_custom_verification_check_request request;
    121. 

  121.   memset(&request, 0, sizeof(request));
    122. 

  122.   request.target_name = "foo.bar.com";
    123. 

  123.   request.peer_info.common_name = "foo.baz.com";
    124. 

  124.   char* dns_names[] = {const_cast<char*>("*.bar.com")};
    125. 

  125.   request.peer_info.san_names.dns_names = dns_names;
    126. 

  126.   request.peer_info.san_names.dns_names_size = 1;
    127. 

  127.   auto verifier = std::make_shared<HostNameCertificateVerifier>();
    128. 

  128.   TlsCustomVerificationCheckRequest cpp_request(&request);
    129. 

  129.   grpc::Status sync_status;
    130. 

  130.   verifier->Verify(&cpp_request, nullptr, &sync_status);
    131. 

  131.   EXPECT_TRUE(sync_status.ok())
    132. 

  132.       << sync_status.error_code() << " " << sync_status.error_message();
    133. 

  133. }
    134. 

  134. 

  135. TEST(TlsCertificateVerifierTest,
    136. 

  136.      HostNameCertificateVerifierFailsMultipleFields) {
    137. 

  137.   grpc_tls_custom_verification_check_request request;
    138. 

  138.   memset(&request, 0, sizeof(request));
    139. 

  139.   request.target_name = "foo.bar.com";
    140. 

  140.   request.peer_info.common_name = "foo.baz.com";
    141. 

  141.   char* dns_names[] = {const_cast<char*>("*.")};
    142. 

  142.   request.peer_info.san_names.dns_names = dns_names;
    143. 

  143.   request.peer_info.san_names.dns_names_size = 1;
    144. 

  144.   auto verifier = std::make_shared<HostNameCertificateVerifier>();
    145. 

  145.   TlsCustomVerificationCheckRequest cpp_request(&request);
    146. 

  146.   grpc::Status sync_status;
    147. 

  147.   verifier->Verify(&cpp_request, nullptr, &sync_status);
    148. 

  148.   EXPECT_EQ(sync_status.error_code(), grpc::StatusCode::UNAUTHENTICATED);
    149. 

  149.   EXPECT_EQ(sync_status.error_message(), "Hostname Verification Check failed.");
    150. 

  150. }
    151. 

  151. 

  152. }  // namespace
    153. 

  153. }  // namespace testing
    154. 

  154. }  // namespace grpc
    155. 

  155. 

  156. int main(int argc, char** argv) {
    157. 

  157.   ::testing::InitGoogleTest(&argc, argv);
    158. 

  158.   grpc::testing::TestEnvironment env(argc, argv);
    159. 

  159.   int ret = RUN_ALL_TESTS();
    160. 

  160.   return ret;
    161. 

  161. }
    162.