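/*
 * Copyright 2020 The gRPC Authors
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package io.grpc.xds;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import io.grpc.internal.JsonParser;
import io.grpc.xds.Bootstrapper.ServerInfo;
import io.grpc.xds.internal.security.CommonTlsContextTestsUtil;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.annotation.Nullable;

/**
 * Shared helpers for building {@link Bootstrapper.BootstrapInfo} fixtures in xDS tests.
 *
 * <p>The JSON constants below are test fixtures. Within this class they are only parsed into
 * certificate-provider config maps; the hosts and file paths they name are not contacted or read
 * here.
 */
public class CommonBootstrapperTestUtils {
  /** Config for a {@code file_watcher} certificate provider that watches a fixed directory. */
  private static final String FILE_WATCHER_CONFIG = "{\"path\": \"/etc/secret/certs\"}";

  /** Config for a mesh-CA style provider: a gRPC service with STS call credentials. */
  private static final String MESHCA_CONFIG =
      "{\n"
          + "  \"server\": {\n"
          + "    \"api_type\": \"GRPC\",\n"
          + "    \"grpc_services\": [{\n"
          + "      \"google_grpc\": {\n"
          + "        \"target_uri\": \"meshca.com\",\n"
          + "        \"channel_credentials\": {\"google_default\": {}},\n"
          + "        \"call_credentials\": [{\n"
          + "          \"sts_service\": {\n"
          + "            \"token_exchange_service\": \"securetoken.googleapis.com\",\n"
          + "            \"subject_token_path\": \"/etc/secret/sajwt.token\"\n"
          + "          }\n"
          + "        }]\n" // end call_credentials
          + "      },\n" // end google_grpc
          + "      \"time_out\": {\"seconds\": 10}\n"
          + "    }]\n" // end grpc_services
          + "  },\n" // end server
          + "  \"certificate_lifetime\": {\"seconds\": 86400},\n"
          + "  \"renewal_grace_period\": {\"seconds\": 3600},\n"
          + "  \"key_type\": \"RSA\",\n"
          + "  \"key_size\": 2048,\n"
          + "  \"location\": \"https://container.googleapis.com/v1/project/test-project1/locations/test-zone2/clusters/test-cluster3\"\n"
          + "}";

  /**
   * Creates a test bootstrap info object.
   *
   * <p>The result has no servers, an empty node, the server listener template
   * {@code "grpc/server"} and two certificate providers: {@code gcp_id} (plugin {@code testca},
   * config {@link #MESHCA_CONFIG}) and {@code file_provider} (plugin {@code file_watcher}, config
   * {@link #FILE_WATCHER_CONFIG}).
   *
   * @throws AssertionError if a fixture string fails to parse as JSON; both are compile-time
   *     constants, so this signals a broken fixture rather than a runtime condition
   */
  public static Bootstrapper.BootstrapInfo getTestBootstrapInfo() {
    try {
      // Parsed in the same order as before: mesh CA first, then file watcher.
      Map<String, Bootstrapper.CertificateProviderInfo> certProviders =
          ImmutableMap.of(
              "gcp_id", providerFromJson("testca", MESHCA_CONFIG),
              "file_provider", providerFromJson("file_watcher", FILE_WATCHER_CONFIG));
      return Bootstrapper.BootstrapInfo.builder()
          .servers(ImmutableList.<Bootstrapper.ServerInfo>of())
          .node(EnvoyProtoData.Node.newBuilder().build())
          .certProviders(certProviders)
          .serverListenerResourceNameTemplate("grpc/server")
          .build();
    } catch (IOException e) {
      throw new AssertionError(e);
    }
  }

  /**
   * Parses {@code json} into a config map and wraps it as a provider of {@code pluginName}.
   *
   * @throws IOException if {@code json} is not valid JSON
   */
  @SuppressWarnings("unchecked") // JsonParser.parse returns Object; both fixtures are JSON objects.
  private static Bootstrapper.CertificateProviderInfo providerFromJson(
      String pluginName, String json) throws IOException {
    return Bootstrapper.CertificateProviderInfo.create(
        pluginName, (Map<String, ?>) JsonParser.parse(json));
  }

  /**
   * Build {@link Bootstrapper.BootstrapInfo} for certProviderInstance tests.
   * Populates with temp file paths.
   *
   * <p>Every non-null {@code privateKey*}, {@code cert*} and {@code trustCa*} argument names a
   * test resource and is resolved to a temp file path through
   * {@link CommonTlsContextTestsUtil#getTempFileNameForResourcesFile}; that temp path is what
   * ends up in the {@code file_watcher} config. Null arguments are stored as null config values.
   * Note that the second set of resources is resolved (temp files produced) even when
   * {@code certInstanceName2} is null; only the provider registration is skipped in that case.
   *
   * @param certInstanceName1 name under which the first provider is registered (always added)
   * @param privateKey1 resource name of the first private key, or null
   * @param cert1 resource name of the first certificate, or null
   * @param trustCa1 resource name of the first trust CA, or null
   * @param certInstanceName2 name of the second provider; when null no second provider is added
   * @param privateKey2 resource name of the second private key, or null
   * @param cert2 resource name of the second certificate, or null
   * @param trustCa2 resource name of the second trust CA, or null
   * @throws RuntimeException wrapping the {@link IOException} if a resource cannot be resolved
   */
  public static Bootstrapper.BootstrapInfo buildBootstrapInfo(
      String certInstanceName1, @Nullable String privateKey1,
      @Nullable String cert1,
      @Nullable String trustCa1, @Nullable String certInstanceName2,
      @Nullable String privateKey2, @Nullable String cert2,
      @Nullable String trustCa2) {
    String keyPath1;
    String certPath1;
    String caPath1;
    String keyPath2;
    String certPath2;
    String caPath2;
    // Resolve all six resources up front, preserving the original order of temp-file creation.
    try {
      keyPath1 = tempFileOrNull(privateKey1);
      certPath1 = tempFileOrNull(cert1);
      caPath1 = tempFileOrNull(trustCa1);
      keyPath2 = tempFileOrNull(privateKey2);
      certPath2 = tempFileOrNull(cert2);
      caPath2 = tempFileOrNull(trustCa2);
    } catch (IOException ioe) {
      throw new RuntimeException(ioe);
    }
    Map<String, Bootstrapper.CertificateProviderInfo> certProviders = new HashMap<>();
    certProviders.put(certInstanceName1, fileWatcherProvider(certPath1, keyPath1, caPath1));
    if (certInstanceName2 != null) {
      certProviders.put(certInstanceName2, fileWatcherProvider(certPath2, keyPath2, caPath2));
    }
    return Bootstrapper.BootstrapInfo.builder()
        .servers(ImmutableList.<ServerInfo>of())
        .node(EnvoyProtoData.Node.newBuilder().build())
        .certProviders(certProviders)
        .build();
  }

  /**
   * Resolves a test resource name to a temp file path.
   *
   * @return the temp file path, or null when {@code resource} is null
   * @throws IOException if the resource cannot be resolved
   */
  @Nullable
  private static String tempFileOrNull(@Nullable String resource) throws IOException {
    if (resource == null) {
      return null;
    }
    return CommonTlsContextTestsUtil.getTempFileNameForResourcesFile(resource);
  }

  /**
   * Builds a {@code file_watcher} provider from (possibly null) file paths.
   *
   * <p>A {@link HashMap} is used deliberately: absent files are stored as null values, which the
   * immutable map factories do not accept.
   */
  private static Bootstrapper.CertificateProviderInfo fileWatcherProvider(
      @Nullable String certFile, @Nullable String privateKeyFile, @Nullable String caFile) {
    Map<String, String> config = new HashMap<>();
    config.put("certificate_file", certFile);
    config.put("private_key_file", privateKeyFile);
    config.put("ca_certificate_file", caFile);
    return Bootstrapper.CertificateProviderInfo.create("file_watcher", config);
  }
}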