security_connector_test.cc
Go to the documentation of this file.
1 /*
2  *
3  * Copyright 2015 gRPC authors.
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 #include "src/core/lib/security/security_connector/security_connector.h"
20 
21 #include <stdio.h>
22 #include <string.h>
23 
24 #include <grpc/grpc_security.h>
25 #include <grpc/support/alloc.h>
26 #include <grpc/support/log.h>
27 #include <grpc/support/string_util.h>
28 
29 #include "src/core/lib/gpr/string.h"
30 #include "src/core/lib/gpr/tmpfile.h"
31 #include "src/core/lib/gprpp/ref_counted_ptr.h"
32 #include "src/core/lib/security/context/security_context.h"
33 #include "src/core/lib/security/security_connector/ssl_utils.h"
34 #include "src/core/lib/security/security_connector/ssl_utils_config.h"
35 #include "src/core/lib/slice/slice_string_helpers.h"
36 #include "src/core/tsi/ssl_transport_security.h"
37 #include "src/core/tsi/transport_security.h"
38 #include "test/core/util/test_config.h"
39 
40 #ifndef TSI_OPENSSL_ALPN_SUPPORT
41 #define TSI_OPENSSL_ALPN_SUPPORT 1
42 #endif
43 
44 static int check_peer_property(const tsi_peer* peer,
45  const tsi_peer_property* expected) {
46  size_t i;
47  for (i = 0; i < peer->property_count; i++) {
48  const tsi_peer_property* prop = &peer->properties[i];
49  if ((strcmp(prop->name, expected->name) == 0) &&
50  (prop->value.length == expected->value.length) &&
51  (memcmp(prop->value.data, expected->value.data,
52  expected->value.length) == 0)) {
53  return 1;
54  }
55  }
56  return 0; /* Not found... */
57 }
58 
59 static int check_ssl_peer_equivalence(const tsi_peer* original,
60  const tsi_peer* reconstructed) {
61  /* The reconstructed peer only has CN, SAN and pem cert properties. */
62  size_t i;
63  for (i = 0; i < original->property_count; i++) {
64  const tsi_peer_property* prop = &original->properties[i];
65  if ((strcmp(prop->name, TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY) == 0) ||
66  (strcmp(prop->name, TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY) ==
67  0) ||
68  (strcmp(prop->name, TSI_X509_PEM_CERT_PROPERTY) == 0)) {
69  if (!check_peer_property(reconstructed, prop)) return 0;
70  }
71  }
72  return 1;
73 }
74 
75 static int check_property(const grpc_auth_context* ctx,
76  const char* expected_property_name,
77  const char* expected_property_value) {
78  grpc_auth_property_iterator it =
79  grpc_auth_context_find_properties_by_name(ctx, expected_property_name);
80  const grpc_auth_property* prop = grpc_auth_property_iterator_next(&it);
81  if (prop == nullptr) {
82  gpr_log(GPR_ERROR, "Expected value %s not found.", expected_property_value);
83  return 0;
84  }
85  if (strncmp(prop->value, expected_property_value, prop->value_length) != 0) {
86  gpr_log(GPR_ERROR, "Expected value %s and got %s for property %s.",
87  expected_property_value, prop->value, expected_property_name);
88  return 0;
89  }
90  if (grpc_auth_property_iterator_next(&it) != nullptr) {
91  gpr_log(GPR_ERROR, "Expected only one property for %s.",
92  expected_property_name);
93  return 0;
94  }
95  return 1;
96 }
97 
98 static int check_properties(
99  const grpc_auth_context* ctx, const char* expected_property_name,
100  const std::vector<std::string>& expected_property_values) {
101  grpc_auth_property_iterator it =
102  grpc_auth_context_find_properties_by_name(ctx, expected_property_name);
103  for (const auto& property_value : expected_property_values) {
104  const grpc_auth_property* prop = grpc_auth_property_iterator_next(&it);
105  if (prop == nullptr) {
106  gpr_log(GPR_ERROR, "Expected value %s not found.",
107  property_value.c_str());
108  return 0;
109  }
110  if (strcmp(prop->name, expected_property_name) != 0) {
111  gpr_log(GPR_ERROR, "Expected peer property name %s and got %s.",
112  expected_property_name, prop->name);
113  return 0;
114  }
115  if (strncmp(prop->value, property_value.c_str(), prop->value_length) != 0) {
116  gpr_log(GPR_ERROR, "Expected peer property value %s and got %s.",
117  property_value.c_str(), prop->value);
118  return 0;
119  }
120  }
121  if (grpc_auth_property_iterator_next(&it) != nullptr) {
122  gpr_log(GPR_ERROR, "Expected only %zu property values.",
123  expected_property_values.size());
124  return 0;
125  }
126  return 1;
127 }
128 
129 static int check_spiffe_id(const grpc_auth_context* ctx,
130  const char* expected_spiffe_id,
131  bool expect_spiffe_id) {
132  grpc_auth_property_iterator it = grpc_auth_context_find_properties_by_name(
133  ctx, GRPC_PEER_SPIFFE_ID_PROPERTY_NAME);
134  const grpc_auth_property* prop = grpc_auth_property_iterator_next(&it);
135  if (prop == nullptr && !expect_spiffe_id) {
136  return 1;
137  }
138  if (prop != nullptr && !expect_spiffe_id) {
139  gpr_log(GPR_ERROR, "SPIFFE ID not expected, but got %s.", prop->value);
140  return 0;
141  }
142  if (prop == nullptr && expect_spiffe_id) {
143  gpr_log(GPR_ERROR, "SPIFFE ID expected, but got nullptr.");
144  return 0;
145  }
146  if (strncmp(prop->value, expected_spiffe_id, prop->value_length) != 0) {
147  gpr_log(GPR_ERROR, "Expected SPIFFE ID %s but got %s.", expected_spiffe_id,
148  prop->value);
149  return 0;
150  }
151  if (grpc_auth_property_iterator_next(&it) != nullptr) {
152  gpr_log(GPR_ERROR, "Expected only one property for SPIFFE ID.");
153  return 0;
154  }
155  return 1;
156 }
157 
158 static void test_unauthenticated_ssl_peer(void) {
159  tsi_peer peer;
160  tsi_peer rpeer;
161  GPR_ASSERT(tsi_construct_peer(2, &peer) == TSI_OK);
162  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
163  TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_X509_CERTIFICATE_TYPE,
164  &peer.properties[0]) == TSI_OK);
165  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
166  TSI_SECURITY_LEVEL_PEER_PROPERTY,
167  tsi_security_level_to_string(TSI_PRIVACY_AND_INTEGRITY),
168  &peer.properties[1]) == TSI_OK);
169  grpc_core::RefCountedPtr<grpc_auth_context> ctx =
170  grpc_ssl_peer_to_auth_context(&peer, GRPC_SSL_TRANSPORT_SECURITY_TYPE);
171  GPR_ASSERT(ctx != nullptr);
172  GPR_ASSERT(!grpc_auth_context_peer_is_authenticated(ctx.get()));
173  GPR_ASSERT(check_property(ctx.get(),
174  GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME,
175  GRPC_SSL_TRANSPORT_SECURITY_TYPE));
176 
177  rpeer = grpc_shallow_peer_from_ssl_auth_context(ctx.get());
178  GPR_ASSERT(check_ssl_peer_equivalence(&peer, &rpeer));
179 
180  grpc_shallow_peer_destruct(&rpeer);
181  tsi_peer_destruct(&peer);
182  ctx.reset(DEBUG_LOCATION, "test");
183 }
184 
185 static void test_cn_only_ssl_peer_to_auth_context(void) {
186  tsi_peer peer;
187  tsi_peer rpeer;
188  const char* expected_cn = "cn1";
189  const char* expected_pem_cert = "pem_cert1";
190  const char* expected_pem_cert_chain = "pem_cert1_chain";
191  GPR_ASSERT(tsi_construct_peer(5, &peer) == TSI_OK);
192  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
193  TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_X509_CERTIFICATE_TYPE,
194  &peer.properties[0]) == TSI_OK);
195  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
196  TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY, expected_cn,
197  &peer.properties[1]) == TSI_OK);
198  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
199  TSI_X509_PEM_CERT_PROPERTY, expected_pem_cert,
200  &peer.properties[2]) == TSI_OK);
201  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
202  TSI_SECURITY_LEVEL_PEER_PROPERTY,
203  tsi_security_level_to_string(TSI_PRIVACY_AND_INTEGRITY),
204  &peer.properties[3]) == TSI_OK);
205  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
206  TSI_X509_PEM_CERT_CHAIN_PROPERTY, expected_pem_cert_chain,
207  &peer.properties[4]) == TSI_OK);
208  grpc_core::RefCountedPtr<grpc_auth_context> ctx =
209  grpc_ssl_peer_to_auth_context(&peer, GRPC_SSL_TRANSPORT_SECURITY_TYPE);
210  GPR_ASSERT(ctx != nullptr);
211  GPR_ASSERT(grpc_auth_context_peer_is_authenticated(ctx.get()));
212  GPR_ASSERT(
213  check_property(ctx.get(), GRPC_X509_CN_PROPERTY_NAME, expected_cn));
214  GPR_ASSERT(check_property(ctx.get(),
215  GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME,
216  GRPC_SSL_TRANSPORT_SECURITY_TYPE));
217  GPR_ASSERT(
218  check_property(ctx.get(), GRPC_X509_CN_PROPERTY_NAME, expected_cn));
219  GPR_ASSERT(check_property(ctx.get(), GRPC_X509_PEM_CERT_PROPERTY_NAME,
220  expected_pem_cert));
221  GPR_ASSERT(check_property(ctx.get(), GRPC_X509_PEM_CERT_CHAIN_PROPERTY_NAME,
222  expected_pem_cert_chain));
223 
224  rpeer = grpc_shallow_peer_from_ssl_auth_context(ctx.get());
225  GPR_ASSERT(check_ssl_peer_equivalence(&peer, &rpeer));
226 
227  grpc_shallow_peer_destruct(&rpeer);
228  tsi_peer_destruct(&peer);
229  ctx.reset(DEBUG_LOCATION, "test");
230 }
231 
232 static void test_cn_and_one_san_ssl_peer_to_auth_context(void) {
233  tsi_peer peer;
234  tsi_peer rpeer;
235  const char* expected_cn = "cn1";
236  const std::vector<std::string> expected_sans = {"san1"};
237  const char* expected_pem_cert = "pem_cert1";
238  const char* expected_pem_cert_chain = "pem_cert1_chain";
239  GPR_ASSERT(tsi_construct_peer(6, &peer) == TSI_OK);
240  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
241  TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_X509_CERTIFICATE_TYPE,
242  &peer.properties[0]) == TSI_OK);
243  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
244  TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY, expected_cn,
245  &peer.properties[1]) == TSI_OK);
246  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
247  TSI_X509_PEM_CERT_PROPERTY, expected_pem_cert,
248  &peer.properties[2]) == TSI_OK);
249  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
250  TSI_SECURITY_LEVEL_PEER_PROPERTY,
251  tsi_security_level_to_string(TSI_PRIVACY_AND_INTEGRITY),
252  &peer.properties[3]) == TSI_OK);
253  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
254  TSI_X509_PEM_CERT_CHAIN_PROPERTY, expected_pem_cert_chain,
255  &peer.properties[4]) == TSI_OK);
256  for (size_t i = 0; i < expected_sans.size(); i++) {
257  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
258  TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY,
259  expected_sans[i].c_str(),
260  &peer.properties[5 + i]) == TSI_OK);
261  }
262  grpc_core::RefCountedPtr<grpc_auth_context> ctx =
263  grpc_ssl_peer_to_auth_context(&peer, GRPC_SSL_TRANSPORT_SECURITY_TYPE);
264  GPR_ASSERT(ctx != nullptr);
265  GPR_ASSERT(grpc_auth_context_peer_is_authenticated(ctx.get()));
266  GPR_ASSERT(
267  check_properties(ctx.get(), GRPC_X509_SAN_PROPERTY_NAME, expected_sans));
268  GPR_ASSERT(check_property(ctx.get(),
269  GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME,
270  GRPC_SSL_TRANSPORT_SECURITY_TYPE));
271  GPR_ASSERT(
272  check_property(ctx.get(), GRPC_X509_CN_PROPERTY_NAME, expected_cn));
273  GPR_ASSERT(check_property(ctx.get(), GRPC_X509_PEM_CERT_PROPERTY_NAME,
274  expected_pem_cert));
275  GPR_ASSERT(check_property(ctx.get(), GRPC_X509_PEM_CERT_CHAIN_PROPERTY_NAME,
276  expected_pem_cert_chain));
277 
278  rpeer = grpc_shallow_peer_from_ssl_auth_context(ctx.get());
279  GPR_ASSERT(check_ssl_peer_equivalence(&peer, &rpeer));
280 
281  grpc_shallow_peer_destruct(&rpeer);
282  tsi_peer_destruct(&peer);
283  ctx.reset(DEBUG_LOCATION, "test");
284 }
285 
286 static void test_cn_and_multiple_sans_ssl_peer_to_auth_context(void) {
287  tsi_peer peer;
288  tsi_peer rpeer;
289  const char* expected_cn = "cn1";
290  const std::vector<std::string> expected_sans = {"san1", "san2", "san3"};
291  const char* expected_pem_cert = "pem_cert1";
292  const char* expected_pem_cert_chain = "pem_cert1_chain";
293  size_t i;
294  GPR_ASSERT(tsi_construct_peer(5 + expected_sans.size(), &peer) == TSI_OK);
295  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
296  TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_X509_CERTIFICATE_TYPE,
297  &peer.properties[0]) == TSI_OK);
298  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
299  TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY, expected_cn,
300  &peer.properties[1]) == TSI_OK);
301  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
302  TSI_X509_PEM_CERT_PROPERTY, expected_pem_cert,
303  &peer.properties[2]) == TSI_OK);
304  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
305  TSI_SECURITY_LEVEL_PEER_PROPERTY,
306  tsi_security_level_to_string(TSI_PRIVACY_AND_INTEGRITY),
307  &peer.properties[3]) == TSI_OK);
308  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
309  TSI_X509_PEM_CERT_CHAIN_PROPERTY, expected_pem_cert_chain,
310  &peer.properties[4]) == TSI_OK);
311  for (i = 0; i < expected_sans.size(); i++) {
312  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
313  TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY,
314  expected_sans[i].c_str(),
315  &peer.properties[5 + i]) == TSI_OK);
316  }
317  grpc_core::RefCountedPtr<grpc_auth_context> ctx =
318  grpc_ssl_peer_to_auth_context(&peer, GRPC_SSL_TRANSPORT_SECURITY_TYPE);
319  GPR_ASSERT(ctx != nullptr);
320  GPR_ASSERT(grpc_auth_context_peer_is_authenticated(ctx.get()));
321  GPR_ASSERT(
322  check_properties(ctx.get(), GRPC_X509_SAN_PROPERTY_NAME, expected_sans));
323  GPR_ASSERT(check_property(ctx.get(),
324  GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME,
325  GRPC_SSL_TRANSPORT_SECURITY_TYPE));
326  GPR_ASSERT(
327  check_property(ctx.get(), GRPC_X509_CN_PROPERTY_NAME, expected_cn));
328  GPR_ASSERT(check_property(ctx.get(), GRPC_X509_PEM_CERT_PROPERTY_NAME,
329  expected_pem_cert));
330  GPR_ASSERT(check_property(ctx.get(), GRPC_X509_PEM_CERT_CHAIN_PROPERTY_NAME,
331  expected_pem_cert_chain));
332 
333  rpeer = grpc_shallow_peer_from_ssl_auth_context(ctx.get());
334  GPR_ASSERT(check_ssl_peer_equivalence(&peer, &rpeer));
335 
336  grpc_shallow_peer_destruct(&rpeer);
337  tsi_peer_destruct(&peer);
338  ctx.reset(DEBUG_LOCATION, "test");
339 }
340 
341 static void test_cn_and_multiple_sans_and_others_ssl_peer_to_auth_context(
342  void) {
343  tsi_peer peer;
344  tsi_peer rpeer;
345  const char* expected_cn = "cn1";
346  const char* expected_pem_cert = "pem_cert1";
347  const char* expected_pem_cert_chain = "pem_cert1_chain";
348  const std::vector<std::string> expected_sans = {"san1", "san2", "san3"};
349  size_t i;
350  GPR_ASSERT(tsi_construct_peer(7 + expected_sans.size(), &peer) == TSI_OK);
351  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
352  TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_X509_CERTIFICATE_TYPE,
353  &peer.properties[0]) == TSI_OK);
354  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
355  "foo", "bar", &peer.properties[1]) == TSI_OK);
356  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
357  TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY, expected_cn,
358  &peer.properties[2]) == TSI_OK);
359  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
360  "chapi", "chapo", &peer.properties[3]) == TSI_OK);
361  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
362  TSI_X509_PEM_CERT_PROPERTY, expected_pem_cert,
363  &peer.properties[4]) == TSI_OK);
364  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
365  TSI_SECURITY_LEVEL_PEER_PROPERTY,
366  tsi_security_level_to_string(TSI_PRIVACY_AND_INTEGRITY),
367  &peer.properties[5]) == TSI_OK);
368  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
369  TSI_X509_PEM_CERT_CHAIN_PROPERTY, expected_pem_cert_chain,
370  &peer.properties[6]) == TSI_OK);
371  for (i = 0; i < expected_sans.size(); i++) {
372  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
373  TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY,
374  expected_sans[i].c_str(),
375  &peer.properties[7 + i]) == TSI_OK);
376  }
377  grpc_core::RefCountedPtr<grpc_auth_context> ctx =
378  grpc_ssl_peer_to_auth_context(&peer, GRPC_SSL_TRANSPORT_SECURITY_TYPE);
379  GPR_ASSERT(ctx != nullptr);
380  GPR_ASSERT(grpc_auth_context_peer_is_authenticated(ctx.get()));
381  GPR_ASSERT(
382  check_properties(ctx.get(), GRPC_X509_SAN_PROPERTY_NAME, expected_sans));
383  GPR_ASSERT(check_property(ctx.get(),
384  GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME,
385  GRPC_SSL_TRANSPORT_SECURITY_TYPE));
386  GPR_ASSERT(
387  check_property(ctx.get(), GRPC_X509_CN_PROPERTY_NAME, expected_cn));
388  GPR_ASSERT(check_property(ctx.get(), GRPC_X509_PEM_CERT_PROPERTY_NAME,
389  expected_pem_cert));
390  GPR_ASSERT(check_property(ctx.get(), GRPC_X509_PEM_CERT_CHAIN_PROPERTY_NAME,
391  expected_pem_cert_chain));
392 
393  rpeer = grpc_shallow_peer_from_ssl_auth_context(ctx.get());
394  GPR_ASSERT(check_ssl_peer_equivalence(&peer, &rpeer));
395 
396  grpc_shallow_peer_destruct(&rpeer);
397  tsi_peer_destruct(&peer);
398  ctx.reset(DEBUG_LOCATION, "test");
399 }
400 
401 static void test_dns_peer_to_auth_context(void) {
402  tsi_peer peer;
403  const std::vector<std::string> expected_dns = {"dns1", "dns2", "dns3"};
404  GPR_ASSERT(tsi_construct_peer(expected_dns.size(), &peer) == TSI_OK);
405  for (size_t i = 0; i < expected_dns.size(); ++i) {
406  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
407  TSI_X509_DNS_PEER_PROPERTY, expected_dns[i].c_str(),
408  &peer.properties[i]) == TSI_OK);
409  }
410  grpc_core::RefCountedPtr<grpc_auth_context> ctx =
411  grpc_ssl_peer_to_auth_context(&peer, GRPC_SSL_TRANSPORT_SECURITY_TYPE);
412  GPR_ASSERT(ctx != nullptr);
413  GPR_ASSERT(
414  check_properties(ctx.get(), GRPC_PEER_DNS_PROPERTY_NAME, expected_dns));
415  tsi_peer_destruct(&peer);
416  ctx.reset(DEBUG_LOCATION, "test");
417 }
418 
419 static void test_uri_peer_to_auth_context(void) {
420  tsi_peer peer;
421  const std::vector<std::string> expected_uri = {"uri1", "uri2", "uri3"};
422  GPR_ASSERT(tsi_construct_peer(expected_uri.size(), &peer) == TSI_OK);
423  for (size_t i = 0; i < expected_uri.size(); ++i) {
424  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
425  TSI_X509_URI_PEER_PROPERTY, expected_uri[i].c_str(),
426  &peer.properties[i]) == TSI_OK);
427  }
428  grpc_core::RefCountedPtr<grpc_auth_context> ctx =
429  grpc_ssl_peer_to_auth_context(&peer, GRPC_SSL_TRANSPORT_SECURITY_TYPE);
430  GPR_ASSERT(ctx != nullptr);
431  GPR_ASSERT(
432  check_properties(ctx.get(), GRPC_PEER_URI_PROPERTY_NAME, expected_uri));
433  tsi_peer_destruct(&peer);
434  ctx.reset(DEBUG_LOCATION, "test");
435 }
436 
437 static void test_email_peer_to_auth_context(void) {
438  tsi_peer peer;
439  const std::vector<std::string> expected_emails = {"email1", "email2"};
440  GPR_ASSERT(tsi_construct_peer(expected_emails.size(), &peer) == TSI_OK);
441  for (size_t i = 0; i < expected_emails.size(); ++i) {
442  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
443  TSI_X509_EMAIL_PEER_PROPERTY, expected_emails[i].c_str(),
444  &peer.properties[i]) == TSI_OK);
445  }
446  grpc_core::RefCountedPtr<grpc_auth_context> ctx =
447  grpc_ssl_peer_to_auth_context(&peer, GRPC_SSL_TRANSPORT_SECURITY_TYPE);
448  GPR_ASSERT(ctx != nullptr);
449  GPR_ASSERT(check_properties(ctx.get(), GRPC_PEER_EMAIL_PROPERTY_NAME,
450  expected_emails));
451  tsi_peer_destruct(&peer);
452  ctx.reset(DEBUG_LOCATION, "test");
453 }
454 
455 static void test_ip_peer_to_auth_context(void) {
456  tsi_peer peer;
457  const std::vector<std::string> expected_ips = {"128.128.128.128",
458  "255.255.255.255"};
459  GPR_ASSERT(tsi_construct_peer(expected_ips.size(), &peer) == TSI_OK);
460  for (size_t i = 0; i < expected_ips.size(); ++i) {
461  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
462  TSI_X509_IP_PEER_PROPERTY, expected_ips[i].c_str(),
463  &peer.properties[i]) == TSI_OK);
464  }
465  grpc_core::RefCountedPtr<grpc_auth_context> ctx =
466  grpc_ssl_peer_to_auth_context(&peer, GRPC_SSL_TRANSPORT_SECURITY_TYPE);
467  GPR_ASSERT(ctx != nullptr);
468  GPR_ASSERT(
469  check_properties(ctx.get(), GRPC_PEER_IP_PROPERTY_NAME, expected_ips));
470  tsi_peer_destruct(&peer);
471  ctx.reset(DEBUG_LOCATION, "test");
472 }
473 
474 static void test_spiffe_id_peer_to_auth_context(void) {
475  // Invalid SPIFFE IDs should not be plumbed.
476  std::string long_id(2050, 'x');
477  std::string long_domain(256, 'x');
478  tsi_peer invalid_peer;
479  std::vector<std::string> invalid_spiffe_id = {
480  "",
481  "spi://",
482  "sfiffe://domain/wl",
483  "spiffe://domain",
484  "spiffe://domain/",
485  long_id,
486  "spiffe://" + long_domain + "/wl"};
487  size_t i;
488  GPR_ASSERT(tsi_construct_peer(invalid_spiffe_id.size(), &invalid_peer) ==
489  TSI_OK);
490  for (i = 0; i < invalid_spiffe_id.size(); i++) {
491  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
492  TSI_X509_URI_PEER_PROPERTY, invalid_spiffe_id[i].c_str(),
493  &invalid_peer.properties[i]) == TSI_OK);
494  }
495  grpc_core::RefCountedPtr<grpc_auth_context> invalid_ctx =
496  grpc_ssl_peer_to_auth_context(&invalid_peer,
497  GRPC_SSL_TRANSPORT_SECURITY_TYPE);
498  GPR_ASSERT(invalid_ctx != nullptr);
499  GPR_ASSERT(check_spiffe_id(invalid_ctx.get(), nullptr, false));
500  tsi_peer_destruct(&invalid_peer);
501  invalid_ctx.reset(DEBUG_LOCATION, "test");
502  // A valid SPIFFE ID should be plumbed.
503  tsi_peer valid_peer;
504  std::string valid_spiffe_id = "spiffe://foo.bar.com/wl";
505  GPR_ASSERT(tsi_construct_peer(1, &valid_peer) == TSI_OK);
506  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
507  TSI_X509_URI_PEER_PROPERTY, valid_spiffe_id.c_str(),
508  &valid_peer.properties[0]) == TSI_OK);
509  grpc_core::RefCountedPtr<grpc_auth_context> valid_ctx =
510  grpc_ssl_peer_to_auth_context(&valid_peer,
511  GRPC_SSL_TRANSPORT_SECURITY_TYPE);
512  GPR_ASSERT(valid_ctx != nullptr);
513  GPR_ASSERT(check_spiffe_id(valid_ctx.get(), "spiffe://foo.bar.com/wl", true));
514  tsi_peer_destruct(&valid_peer);
515  valid_ctx.reset(DEBUG_LOCATION, "test");
516  // Multiple SPIFFE IDs should not be plumbed.
517  tsi_peer multiple_peer;
518  std::vector<std::string> multiple_spiffe_id = {
519  "spiffe://foo.bar.com/wl", "https://xyz", "spiffe://foo.bar.com/wl2"};
520  GPR_ASSERT(tsi_construct_peer(multiple_spiffe_id.size(), &multiple_peer) ==
521  TSI_OK);
522  for (i = 0; i < multiple_spiffe_id.size(); i++) {
523  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
524  TSI_X509_URI_PEER_PROPERTY, multiple_spiffe_id[i].c_str(),
525  &multiple_peer.properties[i]) == TSI_OK);
526  }
527  grpc_core::RefCountedPtr<grpc_auth_context> multiple_ctx =
528  grpc_ssl_peer_to_auth_context(&multiple_peer,
529  GRPC_SSL_TRANSPORT_SECURITY_TYPE);
530  GPR_ASSERT(multiple_ctx != nullptr);
531  GPR_ASSERT(check_spiffe_id(multiple_ctx.get(), nullptr, false));
532  tsi_peer_destruct(&multiple_peer);
533  multiple_ctx.reset(DEBUG_LOCATION, "test");
534  // A valid SPIFFE certificate should only has one URI SAN field.
535  // SPIFFE ID should not be plumbed if there are multiple URIs.
536  tsi_peer multiple_uri_peer;
537  std::vector<std::string> multiple_uri = {"spiffe://foo.bar.com/wl",
538  "https://xyz", "ssh://foo.bar.com/"};
539  GPR_ASSERT(tsi_construct_peer(multiple_uri.size(), &multiple_uri_peer) ==
540  TSI_OK);
541  for (i = 0; i < multiple_spiffe_id.size(); i++) {
542  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
543  TSI_X509_URI_PEER_PROPERTY, multiple_uri[i].c_str(),
544  &multiple_uri_peer.properties[i]) == TSI_OK);
545  }
546  grpc_core::RefCountedPtr<grpc_auth_context> multiple_uri_ctx =
547  grpc_ssl_peer_to_auth_context(&multiple_uri_peer,
548  GRPC_SSL_TRANSPORT_SECURITY_TYPE);
549  GPR_ASSERT(multiple_uri_ctx != nullptr);
550  GPR_ASSERT(check_spiffe_id(multiple_uri_ctx.get(), nullptr, false));
551  tsi_peer_destruct(&multiple_uri_peer);
552  multiple_uri_ctx.reset(DEBUG_LOCATION, "test");
553 }
554 
555 static void test_subject_to_auth_context(void) {
556  tsi_peer peer;
557  const char* expected_subject = "subject1";
558  GPR_ASSERT(tsi_construct_peer(1, &peer) == TSI_OK);
559  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
560  TSI_X509_SUBJECT_PEER_PROPERTY, expected_subject,
561  &peer.properties[0]) == TSI_OK);
562  grpc_core::RefCountedPtr<grpc_auth_context> ctx =
563  grpc_ssl_peer_to_auth_context(&peer, GRPC_SSL_TRANSPORT_SECURITY_TYPE);
564  GPR_ASSERT(ctx != nullptr);
565  GPR_ASSERT(check_property(ctx.get(), GRPC_X509_SUBJECT_PROPERTY_NAME,
566  expected_subject));
567  tsi_peer_destruct(&peer);
568  ctx.reset(DEBUG_LOCATION, "test");
569 }
570 
571 static const char* roots_for_override_api = "roots for override api";
572 
573 static grpc_ssl_roots_override_result override_roots_success(
574  char** pem_root_certs) {
575  *pem_root_certs = gpr_strdup(roots_for_override_api);
576  return GRPC_SSL_ROOTS_OVERRIDE_OK;
577 }
578 
579 static grpc_ssl_roots_override_result override_roots_permanent_failure(
580  char** /*pem_root_certs*/) {
581  return GRPC_SSL_ROOTS_OVERRIDE_FAIL_PERMANENTLY;
582 }
583 
584 static void test_ipv6_address_san(void) {
585  const char* addresses[] = {
586  "2001:db8::1", "fe80::abcd:ef65:4321%em0", "fd11:feed:beef:0:cafe::4",
587  "128.10.0.1:8888", "[2001:db8::1]:8080", "[2001:db8::1%em1]:8080",
588  };
589  const char* san_ips[] = {
590  "2001:db8::1", "fe80::abcd:ef65:4321", "fd11:feed:beef:0:cafe::4",
591  "128.10.0.1", "2001:db8::1", "2001:db8::1",
592  };
593  tsi_peer peer;
594  GPR_ASSERT(tsi_construct_peer(1, &peer) == TSI_OK);
595  for (size_t i = 0; i < GPR_ARRAY_SIZE(addresses); i++) {
596  GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
597  TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY, san_ips[i],
598  &peer.properties[0]) == TSI_OK);
599  GPR_ASSERT(grpc_ssl_host_matches_name(&peer, addresses[i]));
600  tsi_peer_property_destruct(&peer.properties[0]);
601  }
602  tsi_peer_destruct(&peer);
603 }
604 
605 namespace grpc_core {
606 namespace {
607 
608 class TestDefaultSslRootStore : public DefaultSslRootStore {
609  public:
610  static grpc_slice ComputePemRootCertsForTesting() {
611  return ComputePemRootCerts();
612  }
613 };
614 
615 } // namespace
616 } // namespace grpc_core
617 
618 // TODO(unknown): Convert this test to C++ test when security_connector
619 // implementation is converted to C++.
620 static void test_default_ssl_roots(void) {
621  const char* roots_for_env_var = "roots for env var";
622 
623  char* roots_env_var_file_path;
624  FILE* roots_env_var_file =
625  gpr_tmpfile("test_roots_for_env_var", &roots_env_var_file_path);
626  fwrite(roots_for_env_var, 1, strlen(roots_for_env_var), roots_env_var_file);
627  fclose(roots_env_var_file);
628 
629  /* First let's get the root through the override: set the env to an invalid
630  value. */
631  GPR_GLOBAL_CONFIG_SET(grpc_default_ssl_roots_file_path, "");
632  grpc_set_ssl_roots_override_callback(override_roots_success);
633  grpc_slice roots =
634  grpc_core::TestDefaultSslRootStore::ComputePemRootCertsForTesting();
635  char* roots_contents = grpc_slice_to_c_string(roots);
636  grpc_slice_unref(roots);
637  GPR_ASSERT(strcmp(roots_contents, roots_for_override_api) == 0);
638  gpr_free(roots_contents);
639 
640  /* Now let's set the env var: We should get the contents pointed value
641  instead. */
642  GPR_GLOBAL_CONFIG_SET(grpc_default_ssl_roots_file_path,
643  roots_env_var_file_path);
644  roots = grpc_core::TestDefaultSslRootStore::ComputePemRootCertsForTesting();
645  roots_contents = grpc_slice_to_c_string(roots);
646  grpc_slice_unref(roots);
647  GPR_ASSERT(strcmp(roots_contents, roots_for_env_var) == 0);
648  gpr_free(roots_contents);
649 
650  /* Now reset the env var. We should fall back to the value overridden using
651  the api. */
652  GPR_GLOBAL_CONFIG_SET(grpc_default_ssl_roots_file_path, "");
653  roots = grpc_core::TestDefaultSslRootStore::ComputePemRootCertsForTesting();
654  roots_contents = grpc_slice_to_c_string(roots);
655  grpc_slice_unref(roots);
656  GPR_ASSERT(strcmp(roots_contents, roots_for_override_api) == 0);
657  gpr_free(roots_contents);
658 
659  /* Now setup a permanent failure for the overridden roots and we should get
660  an empty slice. */
661  GPR_GLOBAL_CONFIG_SET(grpc_not_use_system_ssl_roots, true);
662  grpc_set_ssl_roots_override_callback(override_roots_permanent_failure);
663  roots = grpc_core::TestDefaultSslRootStore::ComputePemRootCertsForTesting();
664  GPR_ASSERT(GRPC_SLICE_IS_EMPTY(roots));
665  const tsi_ssl_root_certs_store* root_store =
666  grpc_core::TestDefaultSslRootStore::GetRootStore();
667  GPR_ASSERT(root_store == nullptr);
668 
669  /* Cleanup. */
670  remove(roots_env_var_file_path);
671  gpr_free(roots_env_var_file_path);
672 }
673 
674 static void test_peer_alpn_check(void) {
675 #if TSI_OPENSSL_ALPN_SUPPORT
676  tsi_peer peer;
677  const char* alpn = "grpc";
678  const char* wrong_alpn = "wrong";
679  // peer does not have a TSI_SSL_ALPN_SELECTED_PROTOCOL property.
680  GPR_ASSERT(tsi_construct_peer(1, &peer) == TSI_OK);
681  GPR_ASSERT(tsi_construct_string_peer_property("wrong peer property name",
682  alpn, strlen(alpn),
683  &peer.properties[0]) == TSI_OK);
684  grpc_error_handle error = grpc_ssl_check_alpn(&peer);
685  GPR_ASSERT(!GRPC_ERROR_IS_NONE(error));
686  tsi_peer_destruct(&peer);
687  GRPC_ERROR_UNREF(error);
688  // peer has a TSI_SSL_ALPN_SELECTED_PROTOCOL property but with an incorrect
689  // property value.
690  GPR_ASSERT(tsi_construct_peer(1, &peer) == TSI_OK);
691  GPR_ASSERT(tsi_construct_string_peer_property(TSI_SSL_ALPN_SELECTED_PROTOCOL,
692  wrong_alpn, strlen(wrong_alpn),
693  &peer.properties[0]) == TSI_OK);
694  error = grpc_ssl_check_alpn(&peer);
695  GPR_ASSERT(!GRPC_ERROR_IS_NONE(error));
696  tsi_peer_destruct(&peer);
697  GRPC_ERROR_UNREF(error);
698  // peer has a TSI_SSL_ALPN_SELECTED_PROTOCOL property with a correct property
699  // value.
700  GPR_ASSERT(tsi_construct_peer(1, &peer) == TSI_OK);
701  GPR_ASSERT(tsi_construct_string_peer_property(TSI_SSL_ALPN_SELECTED_PROTOCOL,
702  alpn, strlen(alpn),
703  &peer.properties[0]) == TSI_OK);
704  GPR_ASSERT(grpc_ssl_check_alpn(&peer) == GRPC_ERROR_NONE);
705  tsi_peer_destruct(&peer);
706 #else
707  GPR_ASSERT(grpc_ssl_check_alpn(nullptr) == GRPC_ERROR_NONE);
708 #endif
709 }
710 
711 int main(int argc, char** argv) {
712  grpc::testing::TestEnvironment env(&argc, argv);
713  grpc_init();
714  test_unauthenticated_ssl_peer();
715  test_cn_only_ssl_peer_to_auth_context();
716  test_cn_and_one_san_ssl_peer_to_auth_context();
717  test_cn_and_multiple_sans_ssl_peer_to_auth_context();
718  test_cn_and_multiple_sans_and_others_ssl_peer_to_auth_context();
719  test_dns_peer_to_auth_context();
720  test_uri_peer_to_auth_context();
721  test_email_peer_to_auth_context();
722  test_ip_peer_to_auth_context();
723  test_spiffe_id_peer_to_auth_context();
724  test_subject_to_auth_context();
725  test_ipv6_address_san();
726  test_default_ssl_roots();
727  test_peer_alpn_check();
728  grpc_shutdown();
729  return 0;
730 }
test_dns_peer_to_auth_context
static void test_dns_peer_to_auth_context(void)
Definition: security_connector_test.cc:401
tsi_security_level_to_string
const char * tsi_security_level_to_string(tsi_security_level security_level)
Definition: transport_security.cc:70
GRPC_PEER_DNS_PROPERTY_NAME
#define GRPC_PEER_DNS_PROPERTY_NAME
Definition: grpc_security_constants.h:48
grpc_slice_unref
GPRAPI void grpc_slice_unref(grpc_slice s)
Definition: slice_api.cc:32
TSI_X509_CERTIFICATE_TYPE
#define TSI_X509_CERTIFICATE_TYPE
Definition: ssl_transport_security.h:34
test_cn_and_multiple_sans_and_others_ssl_peer_to_auth_context
static void test_cn_and_multiple_sans_and_others_ssl_peer_to_auth_context(void)
Definition: security_connector_test.cc:341
tsi_peer_property_destruct
void tsi_peer_property_destruct(tsi_peer_property *property)
Definition: transport_security.cc:310
check_properties
static int check_properties(const grpc_auth_context *ctx, const char *expected_property_name, const std::vector< std::string > &expected_property_values)
Definition: security_connector_test.cc:98
grpc_auth_context
Definition: security_context.h:63
regen-readme.it
it
Definition: regen-readme.py:15
GRPC_ERROR_NONE
#define GRPC_ERROR_NONE
Definition: error.h:234
log.h
tsi_peer::properties
tsi_peer_property * properties
Definition: transport_security_interface.h:239
test_email_peer_to_auth_context
static void test_email_peer_to_auth_context(void)
Definition: security_connector_test.cc:437
tsi_peer_property::value
struct tsi_peer_property::@48 value
ctx
Definition: benchmark-async.c:30
test_default_ssl_roots
static void test_default_ssl_roots(void)
Definition: security_connector_test.cc:620
generate.env
env
Definition: generate.py:37
TSI_SSL_ALPN_SELECTED_PROTOCOL
#define TSI_SSL_ALPN_SELECTED_PROTOCOL
Definition: ssl_transport_security.h:44
grpc_core::RefCountedPtr::get
T * get() const
Definition: ref_counted_ptr.h:146
pem_root_certs
static char * pem_root_certs
Definition: rb_channel_credentials.c:38
TSI_X509_SUBJECT_PEER_PROPERTY
#define TSI_X509_SUBJECT_PEER_PROPERTY
Definition: ssl_transport_security.h:37
override_roots_success
static grpc_ssl_roots_override_result override_roots_success(char **pem_root_certs)
Definition: security_connector_test.cc:573
TSI_X509_IP_PEER_PROPERTY
#define TSI_X509_IP_PEER_PROPERTY
Definition: ssl_transport_security.h:48
grpc_ssl_peer_to_auth_context
grpc_core::RefCountedPtr< grpc_auth_context > grpc_ssl_peer_to_auth_context(const tsi_peer *peer, const char *transport_security_type)
Definition: ssl_utils.cc:261
grpc_core
Definition: call_metric_recorder.h:31
TSI_SECURITY_LEVEL_PEER_PROPERTY
#define TSI_SECURITY_LEVEL_PEER_PROPERTY
Definition: transport_security_interface.h:226
tsi_peer_property::length
size_t length
Definition: transport_security_interface.h:234
string.h
grpc_core::RefCountedPtr::reset
void reset(T *value=nullptr)
Definition: ref_counted_ptr.h:111
gpr_free
GPRAPI void gpr_free(void *ptr)
Definition: alloc.cc:51
testing::internal::string
::std::string string
Definition: bloaty/third_party/protobuf/third_party/googletest/googletest/include/gtest/internal/gtest-port.h:881
error
grpc_error_handle error
Definition: retry_filter.cc:499
grpc_auth_context_peer_is_authenticated
GRPCAPI int grpc_auth_context_peer_is_authenticated(const grpc_auth_context *ctx)
Definition: security_context.cc:168
GRPC_SSL_TRANSPORT_SECURITY_TYPE
#define GRPC_SSL_TRANSPORT_SECURITY_TYPE
Definition: grpc_security_constants.h:27
gpr_tmpfile
FILE * gpr_tmpfile(const char *prefix, char **tmp_filename)
test_unauthenticated_ssl_peer
static void test_unauthenticated_ssl_peer(void)
Definition: security_connector_test.cc:158
check_spiffe_id
static int check_spiffe_id(const grpc_auth_context *ctx, const char *expected_spiffe_id, bool expect_spiffe_id)
Definition: security_connector_test.cc:129
grpc_security.h
ssl_transport_security.h
grpc_auth_property_iterator_next
const GRPCAPI grpc_auth_property * grpc_auth_property_iterator_next(grpc_auth_property_iterator *it)
Definition: security_context.cc:182
test_ip_peer_to_auth_context
static void test_ip_peer_to_auth_context(void)
Definition: security_connector_test.cc:455
TSI_X509_URI_PEER_PROPERTY
#define TSI_X509_URI_PEER_PROPERTY
Definition: ssl_transport_security.h:46
override_roots_permanent_failure
static grpc_ssl_roots_override_result override_roots_permanent_failure(char **)
Definition: security_connector_test.cc:579
test_subject_to_auth_context
static void test_subject_to_auth_context(void)
Definition: security_connector_test.cc:555
test_peer_alpn_check
static void test_peer_alpn_check(void)
Definition: security_connector_test.cc:674
TSI_X509_DNS_PEER_PROPERTY
#define TSI_X509_DNS_PEER_PROPERTY
Definition: ssl_transport_security.h:45
TSI_OK
@ TSI_OK
Definition: transport_security_interface.h:32
GRPC_PEER_IP_PROPERTY_NAME
#define GRPC_PEER_IP_PROPERTY_NAME
Definition: grpc_security_constants.h:52
DEBUG_LOCATION
#define DEBUG_LOCATION
Definition: debug_location.h:41
string_util.h
GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME
#define GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME
Definition: grpc_security_constants.h:26
GRPC_PEER_SPIFFE_ID_PROPERTY_NAME
#define GRPC_PEER_SPIFFE_ID_PROPERTY_NAME
Definition: grpc_security_constants.h:49
grpc_core::RefCountedPtr< grpc_auth_context >
GPR_ASSERT
#define GPR_ASSERT(x)
Definition: include/grpc/impl/codegen/log.h:94
gen_stats_data.c_str
def c_str(s, encoding='ascii')
Definition: gen_stats_data.py:38
grpc_shallow_peer_from_ssl_auth_context
tsi_peer grpc_shallow_peer_from_ssl_auth_context(const grpc_auth_context *auth_context)
Definition: ssl_utils.cc:361
test_cn_and_one_san_ssl_peer_to_auth_context
static void test_cn_and_one_san_ssl_peer_to_auth_context(void)
Definition: security_connector_test.cc:232
GRPC_SLICE_IS_EMPTY
#define GRPC_SLICE_IS_EMPTY(slice)
Definition: include/grpc/impl/codegen/slice.h:112
TSI_X509_PEM_CERT_PROPERTY
#define TSI_X509_PEM_CERT_PROPERTY
Definition: ssl_transport_security.h:42
gpr_log
GPRAPI void gpr_log(const char *file, int line, gpr_log_severity severity, const char *format,...) GPR_PRINT_FORMAT_CHECK(4
grpc_auth_property::name
char * name
Definition: grpc_security.h:44
grpc_auth_property_iterator
Definition: grpc_security.h:36
GRPC_X509_SUBJECT_PROPERTY_NAME
#define GRPC_X509_SUBJECT_PROPERTY_NAME
Definition: grpc_security_constants.h:31
grpc_ssl_roots_override_result
grpc_ssl_roots_override_result
Definition: grpc_security_constants.h:66
GRPC_SSL_ROOTS_OVERRIDE_OK
@ GRPC_SSL_ROOTS_OVERRIDE_OK
Definition: grpc_security_constants.h:67
security_connector.h
grpc_ssl_check_alpn
grpc_error_handle grpc_ssl_check_alpn(const tsi_peer *peer)
Definition: ssl_utils.cc:141
grpc_auth_property::value_length
size_t value_length
Definition: grpc_security.h:46
tmpfile.h
GRPC_X509_CN_PROPERTY_NAME
#define GRPC_X509_CN_PROPERTY_NAME
Definition: grpc_security_constants.h:30
test_uri_peer_to_auth_context
static void test_uri_peer_to_auth_context(void)
Definition: security_connector_test.cc:419
grpc_slice
Definition: include/grpc/impl/codegen/slice.h:65
tsi_peer_property::data
char * data
Definition: transport_security_interface.h:233
check_ssl_peer_equivalence
static int check_ssl_peer_equivalence(const tsi_peer *original, const tsi_peer *reconstructed)
Definition: security_connector_test.cc:59
grpc_auth_property::value
char * value
Definition: grpc_security.h:45
GPR_ERROR
#define GPR_ERROR
Definition: include/grpc/impl/codegen/log.h:57
GRPC_PEER_EMAIL_PROPERTY_NAME
#define GRPC_PEER_EMAIL_PROPERTY_NAME
Definition: grpc_security_constants.h:51
tsi_peer_property::name
char * name
Definition: transport_security_interface.h:231
test_cn_and_multiple_sans_ssl_peer_to_auth_context
static void test_cn_and_multiple_sans_ssl_peer_to_auth_context(void)
Definition: security_connector_test.cc:286
ssl_utils_config.h
GPR_GLOBAL_CONFIG_SET
#define GPR_GLOBAL_CONFIG_SET(name, value)
Definition: global_config_generic.h:26
roots_for_override_api
static const char * roots_for_override_api
Definition: security_connector_test.cc:571
grpc_auth_property
Definition: grpc_security.h:43
tsi_peer_property
Definition: transport_security_interface.h:230
test_config.h
grpc_slice_to_c_string
GPRAPI char * grpc_slice_to_c_string(grpc_slice s)
Definition: slice/slice.cc:35
tsi_peer
Definition: transport_security_interface.h:238
GRPC_X509_PEM_CERT_PROPERTY_NAME
#define GRPC_X509_PEM_CERT_PROPERTY_NAME
Definition: grpc_security_constants.h:33
security_context.h
GPR_ARRAY_SIZE
#define GPR_ARRAY_SIZE(array)
Definition: useful.h:129
transport_security.h
benchmark.FILE
FILE
Definition: benchmark.py:21
grpc_shallow_peer_destruct
void grpc_shallow_peer_destruct(tsi_peer *peer)
Definition: ssl_utils.cc:418
check_property
static int check_property(const grpc_auth_context *ctx, const char *expected_property_name, const char *expected_property_value)
Definition: security_connector_test.cc:75
tsi_ssl_root_certs_store
Definition: ssl_transport_security.cc:84
grpc::fclose
fclose(creds_file)
grpc_ssl_host_matches_name
int grpc_ssl_host_matches_name(const tsi_peer *peer, absl::string_view peer_name)
Definition: ssl_utils.cc:216
alloc.h
test_ipv6_address_san
static void test_ipv6_address_san(void)
Definition: security_connector_test.cc:584
grpc::testing::TestEnvironment
Definition: test/core/util/test_config.h:54
grpc_set_ssl_roots_override_callback
GRPCAPI void grpc_set_ssl_roots_override_callback(grpc_ssl_roots_override_callback cb)
Definition: ssl_utils.cc:71
TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY
#define TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY
Definition: ssl_transport_security.h:38
main
int main(int argc, char **argv)
Definition: security_connector_test.cc:711
GRPC_ERROR_UNREF
#define GRPC_ERROR_UNREF(err)
Definition: error.h:262
ref_counted_ptr.h
gpr_strdup
GPRAPI char * gpr_strdup(const char *src)
Definition: string.cc:39
GRPC_X509_SAN_PROPERTY_NAME
#define GRPC_X509_SAN_PROPERTY_NAME
Definition: grpc_security_constants.h:32
TSI_PRIVACY_AND_INTEGRITY
@ TSI_PRIVACY_AND_INTEGRITY
Definition: transport_security_interface.h:56
grpc_auth_context_find_properties_by_name
GRPCAPI grpc_auth_property_iterator grpc_auth_context_find_properties_by_name(const grpc_auth_context *ctx, const char *name)
Definition: security_context.cc:207
check_peer_property
static int check_peer_property(const tsi_peer *peer, const tsi_peer_property *expected)
Definition: security_connector_test.cc:44
GRPC_SSL_ROOTS_OVERRIDE_FAIL_PERMANENTLY
@ GRPC_SSL_ROOTS_OVERRIDE_FAIL_PERMANENTLY
Definition: grpc_security_constants.h:68
TSI_CERTIFICATE_TYPE_PEER_PROPERTY
#define TSI_CERTIFICATE_TYPE_PEER_PROPERTY
Definition: transport_security_interface.h:223
grpc_init
GRPCAPI void grpc_init(void)
Definition: init.cc:146
grpc_error
Definition: error_internal.h:42
GRPC_X509_PEM_CERT_CHAIN_PROPERTY_NAME
#define GRPC_X509_PEM_CERT_CHAIN_PROPERTY_NAME
Definition: grpc_security_constants.h:45
TSI_X509_PEM_CERT_CHAIN_PROPERTY
#define TSI_X509_PEM_CERT_CHAIN_PROPERTY
Definition: ssl_transport_security.h:43
TSI_X509_EMAIL_PEER_PROPERTY
#define TSI_X509_EMAIL_PEER_PROPERTY
Definition: ssl_transport_security.h:47
test_spiffe_id_peer_to_auth_context
static void test_spiffe_id_peer_to_auth_context(void)
Definition: security_connector_test.cc:474
TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY
#define TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY
Definition: ssl_transport_security.h:39
tsi_peer_destruct
void tsi_peer_destruct(tsi_peer *self)
Definition: transport_security.cc:320
GRPC_PEER_URI_PROPERTY_NAME
#define GRPC_PEER_URI_PROPERTY_NAME
Definition: grpc_security_constants.h:50
grpc_shutdown
GRPCAPI void grpc_shutdown(void)
Definition: init.cc:209
tsi_construct_string_peer_property
tsi_result tsi_construct_string_peer_property(const char *name, const char *value, size_t value_length, tsi_peer_property *property)
Definition: transport_security.cc:346
test_cn_only_ssl_peer_to_auth_context
static void test_cn_only_ssl_peer_to_auth_context(void)
Definition: security_connector_test.cc:185
ssl_utils.h
slice_string_helpers.h
i
uint64_t i
Definition: abseil-cpp/absl/container/btree_benchmark.cc:230
tsi_construct_string_peer_property_from_cstring
tsi_result tsi_construct_string_peer_property_from_cstring(const char *name, const char *value, tsi_peer_property *property)
Definition: transport_security.cc:340
tsi_construct_peer
tsi_result tsi_construct_peer(size_t property_count, tsi_peer *peer)
Definition: transport_security.cc:359
tsi_peer::property_count
size_t property_count
Definition: transport_security_interface.h:240
GRPC_ERROR_IS_NONE
#define GRPC_ERROR_IS_NONE(err)
Definition: error.h:241

grpc
Author(s):
autogenerated on Thu Mar 13 2025 03:01:15