1 : /*
2 : *
3 : * Copyright 2015, Google Inc.
4 : * All rights reserved.
5 : *
6 : * Redistribution and use in source and binary forms, with or without
7 : * modification, are permitted provided that the following conditions are
8 : * met:
9 : *
10 : * * Redistributions of source code must retain the above copyright
11 : * notice, this list of conditions and the following disclaimer.
12 : * * Redistributions in binary form must reproduce the above
13 : * copyright notice, this list of conditions and the following disclaimer
14 : * in the documentation and/or other materials provided with the
15 : * distribution.
16 : * * Neither the name of Google Inc. nor the names of its
17 : * contributors may be used to endorse or promote products derived from
18 : * this software without specific prior written permission.
19 : *
20 : * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 : * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 : * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
23 : * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
24 : * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25 : * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26 : * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27 : * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28 : * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29 : * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30 : * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 : *
32 : */
33 :
34 : #include "test/core/end2end/end2end_tests.h"
35 :
36 : #include <stdio.h>
37 : #include <string.h>
38 :
39 : #include "src/core/channel/channel_args.h"
40 : #include "src/core/iomgr/iomgr.h"
41 : #include "src/core/security/credentials.h"
42 : #include <grpc/support/alloc.h>
43 : #include <grpc/support/host_port.h>
44 : #include <grpc/support/log.h>
45 : #include "test/core/util/test_config.h"
46 : #include "test/core/util/port.h"
47 : #include "test/core/end2end/data/ssl_test_data.h"
48 :
/* Fixed "Authorization" header value: the client attaches it to calls and the
   server-side processors below look for exactly this string.
   NOTE(review): presumably a made-up test token, not a real credential --
   confirm it never matches anything issued by a real authorization server. */
static const char oauth2_md[] = "Bearer aaslkfjs424535asdf";
/* Property name and value that process_oauth2_success adds to the auth
   context; the name is also registered as the peer identity property. */
static const char *client_identity_property_name = "smurf_name";
static const char *client_identity = "Brainy Smurf";

/* Per-fixture data. localaddr is the "host:port" string allocated by
   gpr_join_host_port in chttp2_create_fixture_secure_fullstack and freed in
   chttp2_tear_down_secure_fullstack. */
typedef struct fullstack_secure_fixture_data {
  char *localaddr;
} fullstack_secure_fixture_data;
56 :
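/* Returns the first entry of md[0..md_count) whose key equals `key` and whose
   value bytes equal the NUL-terminated string `value`, or NULL when no entry
   matches.

   The value is matched by length and then memcmp because each entry carries an
   explicit value_length instead of being treated as a C string.

   NOTE(review): strcmp/memcmp stop at the first differing byte, so the
   comparison is not constant-time. That is acceptable for the fixed token this
   test uses; code that checks real bearer tokens should compare in constant
   time. `value` must not be NULL. */
static const grpc_metadata *find_metadata(const grpc_metadata *md,
                                          size_t md_count, const char *key,
                                          const char *value) {
  /* Loop-invariant: measure the expected value once, not once per entry. */
  const size_t value_len = strlen(value);
  size_t i;
  for (i = 0; i < md_count; i++) {
    if (strcmp(key, md[i].key) == 0 && value_len == md[i].value_length &&
        memcmp(md[i].value, value, value_len) == 0) {
      return &md[i];
    }
  }
  return NULL;
}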
69 :
/* State handed to the auth metadata processor. pseudo_refcount is set to 1 in
   test_processor_create, asserted to be 1 on every process call, and asserted
   and decremented once in processor_destroy. */
typedef struct { size_t pseudo_refcount; } test_processor_state;
71 :
/* Auth metadata processor installed when the server should accept the call.

   Asserts that the processor state is live (pseudo_refcount == 1) and that the
   incoming metadata carries the expected "Authorization" entry, then records
   the test client identity on the auth context and completes with
   GRPC_STATUS_OK.

   NOTE(review): a missing or different token aborts the process through
   GPR_ASSERT instead of rejecting the call. That is a test-harness shortcut;
   a real processor would report an unauthenticated status through `cb`. */
static void process_oauth2_success(void *state, grpc_auth_context *ctx,
                                   const grpc_metadata *md, size_t md_count,
                                   grpc_process_auth_metadata_done_cb cb,
                                   void *user_data) {
  test_processor_state *processor_state;
  const grpc_metadata *bearer =
      find_metadata(md, md_count, "Authorization", oauth2_md);

  GPR_ASSERT(state != NULL);
  processor_state = (test_processor_state *)state;
  GPR_ASSERT(processor_state->pseudo_refcount == 1);
  GPR_ASSERT(bearer != NULL);

  /* Publish the identity and mark that property as the peer identity. */
  grpc_auth_context_add_cstring_property(ctx, client_identity_property_name,
                                         client_identity);
  GPR_ASSERT(grpc_auth_context_set_peer_identity_property_name(
                 ctx, client_identity_property_name) == 1);

  /* Presumably: one consumed metadata element (the token), no response
     metadata, OK status, no error details -- confirm against the callback
     typedef, which is not visible in this file. */
  cb(user_data, bearer, 1, NULL, 0, GRPC_STATUS_OK, NULL);
}
90 :
/* Auth metadata processor installed when the server should reject the call.

   Performs the same state and token assertions as the success processor, but
   leaves the auth context untouched and completes with
   GRPC_STATUS_UNAUTHENTICATED. Note that the token itself is still required
   to be present and correct: the rejection is unconditional, not a result of
   token validation. */
static void process_oauth2_failure(void *state, grpc_auth_context *ctx,
                                   const grpc_metadata *md, size_t md_count,
                                   grpc_process_auth_metadata_done_cb cb,
                                   void *user_data) {
  test_processor_state *processor_state;
  const grpc_metadata *bearer =
      find_metadata(md, md_count, "Authorization", oauth2_md);

  GPR_ASSERT(state != NULL);
  processor_state = (test_processor_state *)state;
  GPR_ASSERT(processor_state->pseudo_refcount == 1);
  GPR_ASSERT(bearer != NULL);

  cb(user_data, bearer, 1, NULL, 0, GRPC_STATUS_UNAUTHENTICATED, NULL);
}
104 :
/* Builds an empty fixture bound to a freshly picked local port.

   Only fixture_data and cq are populated; the client and server members stay
   zeroed until the init_client / init_server callbacks run. Neither
   client_args nor server_args is used here. */
static grpc_end2end_test_fixture chttp2_create_fixture_secure_fullstack(
    grpc_channel_args *client_args, grpc_channel_args *server_args) {
  grpc_end2end_test_fixture fixture;
  int local_port = grpc_pick_unused_port_or_die();
  fullstack_secure_fixture_data *data =
      gpr_malloc(sizeof(fullstack_secure_fixture_data));

  memset(&fixture, 0, sizeof(fixture));

  /* Allocates the "localhost:<port>" string; released in tear-down. */
  gpr_join_host_port(&data->localaddr, "localhost", local_port);

  fixture.fixture_data = data;
  fixture.cq = grpc_completion_queue_create(NULL);

  return fixture;
}
120 :
/* Creates the secure client channel to the fixture's local address.

   Releases `creds` after the channel has been created, so the caller must not
   release that reference again. */
static void chttp2_init_client_secure_fullstack(grpc_end2end_test_fixture *f,
                                                grpc_channel_args *client_args,
                                                grpc_credentials *creds) {
  fullstack_secure_fixture_data *data = f->fixture_data;
  const char *target = data->localaddr;

  f->client = grpc_secure_channel_create(creds, target, client_args, NULL);
  GPR_ASSERT(f->client != NULL);
  grpc_credentials_release(creds);
}
130 :
/* (Re)creates and starts the server on the fixture's local address.

   Any server already stored in the fixture is destroyed first. The secure
   port must bind successfully (asserted). `server_creds` is released here, so
   the caller must not release that reference again. */
static void chttp2_init_server_secure_fullstack(
    grpc_end2end_test_fixture *f, grpc_channel_args *server_args,
    grpc_server_credentials *server_creds) {
  fullstack_secure_fixture_data *data = f->fixture_data;

  if (f->server != NULL) {
    grpc_server_destroy(f->server);
  }

  f->server = grpc_server_create(server_args, NULL);
  grpc_server_register_completion_queue(f->server, f->cq, NULL);

  /* The call must stay inside the assertion's evaluation: it performs the
     bind, and a zero result means the port could not be added. */
  GPR_ASSERT(grpc_server_add_secure_http2_port(f->server, data->localaddr,
                                               server_creds));

  grpc_server_credentials_release(server_creds);
  grpc_server_start(f->server);
}
145 :
/* Frees the per-fixture data: the address string first, then the struct that
   owns it. Only fixture_data is released here.

   NOTE(review): this is the only fixture callback in the file without
   `static`; it is referenced solely through `configs` here, so internal
   linkage would probably suffice -- confirm no other file links to it. */
void chttp2_tear_down_secure_fullstack(grpc_end2end_test_fixture *f) {
  fullstack_secure_fixture_data *data = f->fixture_data;
  char *address = data->localaddr;

  gpr_free(address);
  gpr_free(data);
}
151 :
/* Client setup: SSL channel credentials composed with metadata-only
   credentials that attach the fixed "Authorization" test token.

   The SSL credentials are created from test_root_cert with the remaining
   arguments NULL, so (presumably) the client presents no certificate of its
   own and is identified to the server only by the token.

   GRPC_SSL_TARGET_NAME_OVERRIDE_ARG replaces the name the client checks the
   server certificate against. It is needed here because the channel dials
   "localhost" while the test certificate is presumably issued for a
   *.test.google.fr name. It is a test-only setting: in production it would
   decouple certificate verification from the address actually dialed.

   Reference handling: the composite credentials are released by
   chttp2_init_client_secure_fullstack; the two component references are
   released here afterwards. */
static void chttp2_init_client_simple_ssl_with_oauth2_secure_fullstack(
    grpc_end2end_test_fixture *f, grpc_channel_args *client_args) {
  grpc_credentials *channel_creds =
      grpc_ssl_credentials_create(test_root_cert, NULL, NULL);
  grpc_credentials *token_creds =
      grpc_md_only_test_credentials_create("Authorization", oauth2_md, 1);
  grpc_credentials *combined_creds =
      grpc_composite_credentials_create(channel_creds, token_creds, NULL);
  grpc_arg ssl_name_override = {GRPC_ARG_STRING,
                                GRPC_SSL_TARGET_NAME_OVERRIDE_ARG,
                                {"foo.test.google.fr"}};
  /* Copy of the caller's args with the override appended; destroyed below. */
  grpc_channel_args *args_with_override =
      grpc_channel_args_copy_and_add(client_args, &ssl_name_override, 1);

  chttp2_init_client_secure_fullstack(f, args_with_override, combined_creds);

  grpc_channel_args_destroy(args_with_override);
  grpc_credentials_release(channel_creds);
  grpc_credentials_release(token_creds);
}
170 :
/* Returns 1 when server_args contains an argument whose key is
   FAIL_AUTH_CHECK_SERVER_ARG_NAME, and 0 otherwise (including when
   server_args is NULL). Only the key is inspected; the argument's type and
   value are ignored. */
static int fail_server_auth_check(grpc_channel_args *server_args) {
  size_t idx;

  if (server_args != NULL) {
    for (idx = 0; idx < server_args->num_args; idx++) {
      const char *arg_key = server_args->args[idx].key;
      if (strcmp(arg_key, FAIL_AUTH_CHECK_SERVER_ARG_NAME) == 0) {
        return 1;
      }
    }
  }
  return 0;
}
182 :
/* Destroy hook for the processor state created by test_processor_create.

   Asserts that the state is destroyed exactly once (pseudo_refcount still 1),
   drops the count, and frees the state. */
static void processor_destroy(void *state) {
  test_processor_state *processor_state = (test_processor_state *)state;

  /* Check first, then decrement: equivalent to asserting on the
     post-decrement expression, without a side effect inside the macro. */
  GPR_ASSERT(processor_state->pseudo_refcount == 1);
  processor_state->pseudo_refcount--;

  gpr_free(processor_state);
}
188 :
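/* Builds the auth metadata processor used by the test server.

   `failing` non-zero selects process_oauth2_failure (the call is rejected with
   GRPC_STATUS_UNAUTHENTICATED); zero selects process_oauth2_success.

   The returned processor owns a heap-allocated test_processor_state whose
   pseudo_refcount starts at 1; it is freed by processor_destroy. */
static grpc_auth_metadata_processor test_processor_create(int failing) {
  test_processor_state *s = gpr_malloc(sizeof(*s));
  grpc_auth_metadata_processor result;

  /* The struct is returned by value, so zero it first: any member not
     assigned below would otherwise be returned with an indeterminate value. */
  memset(&result, 0, sizeof(result));

  s->pseudo_refcount = 1;
  result.state = s;
  result.destroy = processor_destroy;
  result.process = failing ? process_oauth2_failure : process_oauth2_success;
  return result;
}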
202 :
/* Server setup: SSL server credentials built from the test key/certificate
   pair, with the test auth metadata processor attached.

   The credentials are created with a NULL first argument and 0 as the fourth.
   NOTE(review): presumably these are the client-root certificates and the
   force-client-auth flag, which would mean the server neither requests nor
   verifies a client certificate and clients are authenticated only by the
   "Authorization" metadata -- confirm against the credentials header.

   The processor rejects every call when server_args carries
   FAIL_AUTH_CHECK_SERVER_ARG_NAME and accepts otherwise. The credentials
   reference is released by chttp2_init_server_secure_fullstack. */
static void chttp2_init_server_simple_ssl_secure_fullstack(
    grpc_end2end_test_fixture *f, grpc_channel_args *server_args) {
  grpc_ssl_pem_key_cert_pair server_key_cert = {test_server1_key,
                                                test_server1_cert};
  grpc_server_credentials *server_creds =
      grpc_ssl_server_credentials_create(NULL, &server_key_cert, 1, 0, NULL);
  int reject_all;

  reject_all = fail_server_auth_check(server_args);
  grpc_server_credentials_set_auth_metadata_processor(
      server_creds, test_processor_create(reject_all));

  chttp2_init_server_secure_fullstack(f, server_args, server_creds);
}
213 :
/* All test configurations */

/* A single configuration: SSL channel with a fixed OAuth2-style token sent as
   per-call metadata. Entries are, in order: the configuration name, the
   feature mask, and the create-fixture, init-client, init-server and
   tear-down callbacks defined above. */
static grpc_end2end_test_config configs[] = {
    {"chttp2/simple_ssl_with_oauth2_fullstack",
     FEATURE_MASK_SUPPORTS_DELAYED_CONNECTION |
         FEATURE_MASK_SUPPORTS_PER_CALL_CREDENTIALS,
     chttp2_create_fixture_secure_fullstack,
     chttp2_init_client_simple_ssl_with_oauth2_secure_fullstack,
     chttp2_init_server_simple_ssl_secure_fullstack,
     chttp2_tear_down_secure_fullstack},
};
225 :
/* Test entry point: initialises the test harness and the gRPC library, runs
   the end2end suite once per entry in `configs`, then shuts the library down.
   Always returns 0; failures surface through assertions inside the suite. */
int main(int argc, char **argv) {
  const size_t config_count = sizeof(configs) / sizeof(configs[0]);
  size_t idx;

  grpc_test_init(argc, argv);
  grpc_init();

  for (idx = 0; idx < config_count; idx++) {
    grpc_end2end_tests(configs[idx]);
  }

  grpc_shutdown();
  return 0;
}