aws_request_signer_test.cc
Go to the documentation of this file.
1 //
2 // Copyright 2020 gRPC authors.
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 // http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 //
16 
17 #include "src/core/lib/security/credentials/external/aws_request_signer.h"
18 
19 #include <gmock/gmock.h>
20 
21 #include <grpc/grpc_security.h>
22 
23 #include "test/core/util/test_config.h"
24 
25 namespace testing {
26 
27 namespace {
28 // Test cases of Aws endpoints that the aws-sourced credentials will depend
29 // on.
30 const char* kAmzTestAccessKeyId = "ASIARD4OQDT6A77FR3CL";
31 const char* kAmzTestSecretAccessKey =
32  "Y8AfSaucF37G4PpvfguKZ3/l7Id4uocLXxX0+VTx";
33 const char* kAmzTestToken =
34  "IQoJb3JpZ2luX2VjEIz//////////wEaCXVzLWVhc3QtMiJGMEQCIH7MHX/Oy/"
35  "OB8OlLQa9GrqU1B914+iMikqWQW7vPCKlgAiA/"
36  "Lsv8Jcafn14owfxXn95FURZNKaaphj0ykpmS+Ki+"
37  "CSq0AwhlEAAaDDA3NzA3MTM5MTk5NiIMx9sAeP1ovlMTMKLjKpEDwuJQg41/"
38  "QUKx0laTZYjPlQvjwSqS3OB9P1KAXPWSLkliVMMqaHqelvMF/WO/"
39  "glv3KwuTfQsavRNs3v5pcSEm4SPO3l7mCs7KrQUHwGP0neZhIKxEXy+Ls//1C/"
40  "Bqt53NL+LSbaGv6RPHaX82laz2qElphg95aVLdYgIFY6JWV5fzyjgnhz0DQmy62/"
41  "Vi8pNcM2/"
42  "VnxeCQ8CC8dRDSt52ry2v+nc77vstuI9xV5k8mPtnaPoJDRANh0bjwY5Sdwkbp+"
43  "mGRUJBAQRlNgHUJusefXQgVKBCiyJY4w3Csd8Bgj9IyDV+"
44  "Azuy1jQqfFZWgP68LSz5bURyIjlWDQunO82stZ0BgplKKAa/"
45  "KJHBPCp8Qi6i99uy7qh76FQAqgVTsnDuU6fGpHDcsDSGoCls2HgZjZFPeOj8mmRhFk1Xqvkb"
46  "juz8V1cJk54d3gIJvQt8gD2D6yJQZecnuGWd5K2e2HohvCc8Fc9kBl1300nUJPV+k4tr/"
47  "A5R/0QfEKOZL1/"
48  "k5lf1g9CREnrM8LVkGxCgdYMxLQow1uTL+QU67AHRRSp5PhhGX4Rek+"
49  "01vdYSnJCMaPhSEgcLqDlQkhk6MPsyT91QMXcWmyO+cAZwUPwnRamFepuP4K8k2KVXs/"
50  "LIJHLELwAZ0ekyaS7CptgOqS7uaSTFG3U+vzFZLEnGvWQ7y9IPNQZ+"
51  "Dffgh4p3vF4J68y9049sI6Sr5d5wbKkcbm8hdCDHZcv4lnqohquPirLiFQ3q7B17V9krMPu3"
52  "mz1cg4Ekgcrn/"
53  "E09NTsxAqD8NcZ7C7ECom9r+"
54  "X3zkDOxaajW6hu3Az8hGlyylDaMiFfRbBJpTIlxp7jfa7CxikNgNtEKLH9iCzvuSg2vhA==";
55 const char* kAmzTestDate = "20200811T065522Z";
56 
57 // Test cases derived from the Aws signature v4 test suite.
58 // https://github.com/boto/botocore/tree/master/tests/unit/auth/aws4_testsuite
59 const char* kBotoTestAccessKeyId = "AKIDEXAMPLE";
60 const char* kBotoTestSecretAccessKey =
61  "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY";
62 const char* kBotoTestToken = "";
63 const char* kBotoTestDate = "Mon, 09 Sep 2011 23:36:00 GMT";
64 } // namespace
65 
66 // AWS official example from the developer doc.
67 // https://docs.aws.amazon.com/general/latest/gr/sigv4_signing.html
68 TEST(GrpcAwsRequestSignerTest, AWSOfficialExample) {
69  grpc_error_handle error = GRPC_ERROR_NONE;
70  grpc_core::AwsRequestSigner signer(
71  "AKIDEXAMPLE", "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY", "", "GET",
72  "https://iam.amazonaws.com/?Action=ListUsers&Version=2010-05-08",
73  "us-east-1", "",
74  {{"content-type", "application/x-www-form-urlencoded; charset=utf-8"},
75  {"x-amz-date", "20150830T123600Z"}},
76  &error);
77  EXPECT_EQ(error, GRPC_ERROR_NONE);
78  EXPECT_EQ(signer.GetSignedRequestHeaders()["Authorization"],
79  "AWS4-HMAC-SHA256 "
80  "Credential=AKIDEXAMPLE/20150830/us-east-1/iam/aws4_request, "
81  "SignedHeaders=content-type;host;x-amz-date, "
82  "Signature="
83  "5d672d79c15b13162d9279b0855cfba6789a8edb4c82c400e06b5924a6f2b5d7");
84 }
85 
86 TEST(GrpcAwsRequestSignerTest, GetDescribeRegions) {
87  grpc_error_handle error = GRPC_ERROR_NONE;
88  grpc_core::AwsRequestSigner signer(
89  kAmzTestAccessKeyId, kAmzTestSecretAccessKey, kAmzTestToken, "GET",
90  "https://"
91  "ec2.us-east-2.amazonaws.com?Action=DescribeRegions&Version=2013-10-15",
92  "us-east-2", "", {{"x-amz-date", kAmzTestDate}}, &error);
93  EXPECT_EQ(error, GRPC_ERROR_NONE);
94  EXPECT_EQ(
95  signer.GetSignedRequestHeaders()["Authorization"],
96  "AWS4-HMAC-SHA256 "
97  "Credential=ASIARD4OQDT6A77FR3CL/20200811/us-east-2/ec2/aws4_request, "
98  "SignedHeaders=host;x-amz-date;x-amz-security-token, "
99  "Signature="
100  "631ea80cddfaa545fdadb120dc92c9f18166e38a5c47b50fab9fce476e022855");
101 }
102 
103 TEST(GrpcAwsRequestSignerTest, PostGetCallerIdentity) {
104  grpc_error_handle error = GRPC_ERROR_NONE;
105  grpc_core::AwsRequestSigner signer(
106  kAmzTestAccessKeyId, kAmzTestSecretAccessKey, kAmzTestToken, "POST",
107  "https://"
108  "sts.us-east-2.amazonaws.com?Action=GetCallerIdentity&Version=2011-06-15",
109  "us-east-2", "", {{"x-amz-date", kAmzTestDate}}, &error);
110  EXPECT_EQ(error, GRPC_ERROR_NONE);
111  EXPECT_EQ(
112  signer.GetSignedRequestHeaders()["Authorization"],
113  "AWS4-HMAC-SHA256 "
114  "Credential=ASIARD4OQDT6A77FR3CL/20200811/us-east-2/sts/aws4_request, "
115  "SignedHeaders=host;x-amz-date;x-amz-security-token, "
116  "Signature="
117  "73452984e4a880ffdc5c392355733ec3f5ba310d5e0609a89244440cadfe7a7a");
118 }
119 
120 TEST(GrpcAwsRequestSignerTest, PostGetCallerIdentityNoToken) {
121  grpc_error_handle error = GRPC_ERROR_NONE;
122  grpc_core::AwsRequestSigner signer(
123  kAmzTestAccessKeyId, kAmzTestSecretAccessKey, "", "POST",
124  "https://"
125  "sts.us-east-2.amazonaws.com?Action=GetCallerIdentity&Version=2011-06-15",
126  "us-east-2", "", {{"x-amz-date", kAmzTestDate}}, &error);
127  EXPECT_EQ(error, GRPC_ERROR_NONE);
128  EXPECT_EQ(
129  signer.GetSignedRequestHeaders()["Authorization"],
130  "AWS4-HMAC-SHA256 "
131  "Credential=ASIARD4OQDT6A77FR3CL/20200811/us-east-2/sts/aws4_request, "
132  "SignedHeaders=host;x-amz-date, "
133  "Signature="
134  "d095ba304919cd0d5570ba8a3787884ee78b860f268ed040ba23831d55536d56");
135 }
136 
137 TEST(GrpcAwsRequestSignerTest, GetHost) {
138  grpc_error_handle error = GRPC_ERROR_NONE;
139  grpc_core::AwsRequestSigner signer(kBotoTestAccessKeyId,
140  kBotoTestSecretAccessKey, kBotoTestToken,
141  "GET", "https://host.foo.com", "us-east-1",
142  "", {{"date", kBotoTestDate}}, &error);
143  EXPECT_EQ(error, GRPC_ERROR_NONE);
144  EXPECT_EQ(signer.GetSignedRequestHeaders()["Authorization"],
145  "AWS4-HMAC-SHA256 "
146  "Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, "
147  "SignedHeaders=date;host, "
148  "Signature="
149  "b27ccfbfa7df52a200ff74193ca6e32d4b48b8856fab7ebf1c595d0670a7e470");
150 }
151 
152 TEST(GrpcAwsRequestSignerTest, GetHostDuplicateQueryParam) {
153  grpc_error_handle error = GRPC_ERROR_NONE;
154  grpc_core::AwsRequestSigner signer(
155  kBotoTestAccessKeyId, kBotoTestSecretAccessKey, kBotoTestToken, "GET",
156  "https://host.foo.com/?foo=Zoo&foo=aha", "us-east-1", "",
157  {{"date", kBotoTestDate}}, &error);
158  EXPECT_EQ(error, GRPC_ERROR_NONE);
159  EXPECT_EQ(signer.GetSignedRequestHeaders()["Authorization"],
160  "AWS4-HMAC-SHA256 "
161  "Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, "
162  "SignedHeaders=date;host, "
163  "Signature="
164  "be7148d34ebccdc6423b19085378aa0bee970bdc61d144bd1a8c48c33079ab09");
165 }
166 
167 TEST(GrpcAwsRequestSignerTest, PostWithUpperCaseHeaderKey) {
168  grpc_error_handle error = GRPC_ERROR_NONE;
169  grpc_core::AwsRequestSigner signer(
170  kBotoTestAccessKeyId, kBotoTestSecretAccessKey, kBotoTestToken, "POST",
171  "https://host.foo.com/", "us-east-1", "",
172  {{"date", kBotoTestDate}, {"ZOO", "zoobar"}}, &error);
173  EXPECT_EQ(error, GRPC_ERROR_NONE);
174  EXPECT_EQ(signer.GetSignedRequestHeaders()["Authorization"],
175  "AWS4-HMAC-SHA256 "
176  "Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, "
177  "SignedHeaders=date;host;zoo, "
178  "Signature="
179  "b7a95a52518abbca0964a999a880429ab734f35ebbf1235bd79a5de87756dc4a");
180 }
181 
182 TEST(GrpcAwsRequestSignerTest, PostWithUpperCaseHeaderValue) {
183  grpc_error_handle error = GRPC_ERROR_NONE;
184  grpc_core::AwsRequestSigner signer(
185  kBotoTestAccessKeyId, kBotoTestSecretAccessKey, kBotoTestToken, "POST",
186  "https://host.foo.com/", "us-east-1", "",
187  {{"date", kBotoTestDate}, {"zoo", "ZOOBAR"}}, &error);
188  EXPECT_EQ(error, GRPC_ERROR_NONE);
189  EXPECT_EQ(signer.GetSignedRequestHeaders()["Authorization"],
190  "AWS4-HMAC-SHA256 "
191  "Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, "
192  "SignedHeaders=date;host;zoo, "
193  "Signature="
194  "273313af9d0c265c531e11db70bbd653f3ba074c1009239e8559d3987039cad7");
195 }
196 
197 TEST(GrpcAwsRequestSignerTest, SignPostWithHeader) {
198  grpc_error_handle error = GRPC_ERROR_NONE;
199  grpc_core::AwsRequestSigner signer(
200  kBotoTestAccessKeyId, kBotoTestSecretAccessKey, kBotoTestToken, "POST",
201  "https://host.foo.com/", "us-east-1", "",
202  {{"date", kBotoTestDate}, {"p", "phfft"}}, &error);
203  EXPECT_EQ(error, GRPC_ERROR_NONE);
204  EXPECT_EQ(signer.GetSignedRequestHeaders()["Authorization"],
205  "AWS4-HMAC-SHA256 "
206  "Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, "
207  "SignedHeaders=date;host;p, "
208  "Signature="
209  "debf546796015d6f6ded8626f5ce98597c33b47b9164cf6b17b4642036fcb592");
210 }
211 
212 TEST(GrpcAwsRequestSignerTest, PostWithBodyNoCustomHeaders) {
213  grpc_error_handle error = GRPC_ERROR_NONE;
214  grpc_core::AwsRequestSigner signer(
215  kBotoTestAccessKeyId, kBotoTestSecretAccessKey, kBotoTestToken, "POST",
216  "https://host.foo.com/", "us-east-1", "foo=bar",
217  {{"date", kBotoTestDate},
218  {"Content-Type", "application/x-www-form-urlencoded"}},
219  &error);
220  EXPECT_EQ(error, GRPC_ERROR_NONE);
221  EXPECT_EQ(signer.GetSignedRequestHeaders()["Authorization"],
222  "AWS4-HMAC-SHA256 "
223  "Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, "
224  "SignedHeaders=content-type;date;host, "
225  "Signature="
226  "5a15b22cf462f047318703b92e6f4f38884e4a7ab7b1d6426ca46a8bd1c26cbc");
227 }
228 
229 TEST(GrpcAwsRequestSignerTest, SignPostWithQueryString) {
230  grpc_error_handle error = GRPC_ERROR_NONE;
231  grpc_core::AwsRequestSigner signer(
232  kBotoTestAccessKeyId, kBotoTestSecretAccessKey, kBotoTestToken, "POST",
233  "https://host.foo.com/?foo=bar", "us-east-1", "",
234  {{"date", kBotoTestDate}}, &error);
235  EXPECT_EQ(error, GRPC_ERROR_NONE);
236  EXPECT_EQ(signer.GetSignedRequestHeaders()["Authorization"],
237  "AWS4-HMAC-SHA256 "
238  "Credential=AKIDEXAMPLE/20110909/us-east-1/host/aws4_request, "
239  "SignedHeaders=date;host, "
240  "Signature="
241  "b6e3b79003ce0743a491606ba1035a804593b0efb1e20a11cba83f8c25a57a92");
242 }
243 
244 TEST(GrpcAwsRequestSignerTest, InvalidUrl) {
245  grpc_error_handle error = GRPC_ERROR_NONE;
246  grpc_core::AwsRequestSigner signer("access_key_id", "secret_access_key",
247  "token", "POST", "invalid_url",
248  "us-east-1", "", {}, &error);
249  std::string actual_error_description;
250  GPR_ASSERT(grpc_error_get_str(error, GRPC_ERROR_STR_DESCRIPTION,
251  &actual_error_description));
252  EXPECT_EQ(actual_error_description, "Invalid Aws request url.");
253  GRPC_ERROR_UNREF(error);
254 }
255 
256 TEST(GrpcAwsRequestSignerTest, DuplicateRequestDate) {
257  grpc_error_handle error = GRPC_ERROR_NONE;
258  grpc_core::AwsRequestSigner signer(
259  "access_key_id", "secret_access_key", "token", "POST", "invalid_url",
260  "us-east-1", "", {{"date", kBotoTestDate}, {"x-amz-date", kAmzTestDate}},
261  &error);
262  std::string actual_error_description;
263  GPR_ASSERT(grpc_error_get_str(error, GRPC_ERROR_STR_DESCRIPTION,
264  &actual_error_description));
265  EXPECT_EQ(actual_error_description,
266  "Only one of {date, x-amz-date} can be specified, not both.");
267  GRPC_ERROR_UNREF(error);
268 }
269 
270 } // namespace testing
271 
272 int main(int argc, char** argv) {
273  grpc::testing::TestEnvironment env(&argc, argv);
274  ::testing::InitGoogleTest(&argc, argv);
275  grpc_init();
276  int ret = RUN_ALL_TESTS();
277  grpc_shutdown();
278  return ret;
279 }
testing
Definition: aws_request_signer_test.cc:25
GRPC_ERROR_NONE
#define GRPC_ERROR_NONE
Definition: error.h:234
generate.env
env
Definition: generate.py:37
testing::internal::string
::std::string string
Definition: bloaty/third_party/protobuf/third_party/googletest/googletest/include/gtest/internal/gtest-port.h:881
error
grpc_error_handle error
Definition: retry_filter.cc:499
grpc_security.h
grpc_core::AwsRequestSigner
Definition: aws_request_signer.h:36
GRPC_ERROR_STR_DESCRIPTION
@ GRPC_ERROR_STR_DESCRIPTION
top-level textual description of this error
Definition: error.h:106
aws_request_signer.h
EXPECT_EQ
#define EXPECT_EQ(a, b)
Definition: iomgr/time_averaged_stats_test.cc:27
GPR_ASSERT
#define GPR_ASSERT(x)
Definition: include/grpc/impl/codegen/log.h:94
main
int main(int argc, char **argv)
Definition: aws_request_signer_test.cc:272
RUN_ALL_TESTS
int RUN_ALL_TESTS() GTEST_MUST_USE_RESULT_
Definition: bloaty/third_party/googletest/googletest/include/gtest/gtest.h:2471
test_config.h
testing::InitGoogleTest
GTEST_API_ void InitGoogleTest(int *argc, char **argv)
Definition: bloaty/third_party/googletest/googletest/src/gtest.cc:6106
ret
UniquePtr< SSL_SESSION > ret
Definition: ssl_x509.cc:1029
grpc::testing::TestEnvironment
Definition: test/core/util/test_config.h:54
testing::TEST
TEST(GrpcAwsRequestSignerTest, AWSOfficialExample)
Definition: aws_request_signer_test.cc:68
GRPC_ERROR_UNREF
#define GRPC_ERROR_UNREF(err)
Definition: error.h:262
grpc_error_get_str
bool grpc_error_get_str(grpc_error_handle err, grpc_error_strs which, std::string *s)
Returns false if the specified string is not set.
Definition: error.cc:659
grpc_init
GRPCAPI void grpc_init(void)
Definition: init.cc:146
grpc_error
Definition: error_internal.h:42
grpc_shutdown
GRPCAPI void grpc_shutdown(void)
Definition: init.cc:209

grpc
Author(s):
autogenerated on Fri May 16 2025 02:57:45