xref: /aosp_15_r20/external/grpc-grpc/test/core/end2end/fixtures/h2_ssl_tls_common.h (revision cc02d7e222339f7a4f6ba5f422e6413f4bd931f2)
1 // Copyright 2023 gRPC authors.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //     http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 #ifndef GRPC_TEST_CORE_END2END_FIXTURES_H2_SSL_TLS_COMMON_H
16 #define GRPC_TEST_CORE_END2END_FIXTURES_H2_SSL_TLS_COMMON_H
17 
18 #include <string.h>
19 
20 #include <grpc/grpc.h>
21 #include <grpc/grpc_security.h>
22 #include <grpc/grpc_security_constants.h>
23 #include <grpc/impl/channel_arg_names.h>
24 #include <grpc/slice.h>
25 #include <grpc/status.h>
26 #include <grpc/support/log.h>
27 
28 #include "src/core/lib/channel/channel_args.h"
29 #include "src/core/lib/iomgr/error.h"
30 #include "src/core/lib/security/credentials/ssl/ssl_credentials.h"
31 #include "test/core/end2end/end2end_tests.h"
32 #include "test/core/end2end/fixtures/secure_fixture.h"
33 #include "test/core/util/tls_utils.h"
34 
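// End-to-end test fixture that runs HTTP/2 over SSL with both peers pinned to
// a single TLS version (min == max == the version given at construction).
//
// Everything here is test-only configuration: the certificate and key are
// checked-in files under a test_creds directory, the client is told which
// name to expect in the server certificate, and the server does not ask for
// a client certificate. None of these settings are suitable outside tests.
class SslTlsFixture : public SecureFixture {
 public:
  // `tls_version` is applied as both the minimum and the maximum version on
  // the client and the server credentials built by this fixture.
  explicit SslTlsFixture(grpc_tls_version tls_version)
      : tls_version_(tls_version) {}

  // Repository-relative paths of the test CA certificate, the server
  // certificate and the server private key.
  static const char* CaCertPath() { return "src/core/tsi/test_creds/ca.pem"; }
  static const char* ServerCertPath() {
    return "src/core/tsi/test_creds/server1.pem";
  }
  static const char* ServerKeyPath() {
    return "src/core/tsi/test_creds/server1.key";
  }

 private:
  // Sets the SSL target name override so the client checks the server
  // certificate against "foo.test.google.fr" rather than the address it
  // actually dials. The override replaces the normal host name check and is
  // only appropriate in tests.
  grpc_core::ChannelArgs MutateClientArgs(
      grpc_core::ChannelArgs args) override {
    return args.Set(GRPC_SSL_TARGET_NAME_OVERRIDE_ARG, "foo.test.google.fr");
  }

  // Builds SSL channel credentials pinned to `tls_version_`.
  // Returns nullptr when grpc_ssl_credentials_create() does.
  grpc_channel_credentials* MakeClientCreds(
      const grpc_core::ChannelArgs&) override {
    // No root certificates and no client key/cert pair are passed, so the
    // client presents no certificate and the library's default root lookup
    // applies. CaCertPath() is not used here.
    // NOTE(review): presumably the test harness points the default roots at
    // the test CA elsewhere; confirm.
    grpc_channel_credentials* ssl_creds =
        grpc_ssl_credentials_create(nullptr, nullptr, nullptr, nullptr);
    if (ssl_creds != nullptr) {
      // Pin the handshake to exactly one TLS version.
      // NOTE(review): the cast assumes the object created above is a
      // grpc_ssl_credentials; confirm against ssl_credentials.h.
      grpc_ssl_credentials* creds =
          reinterpret_cast<grpc_ssl_credentials*>(ssl_creds);
      creds->set_min_tls_version(tls_version_);
      creds->set_max_tls_version(tls_version_);
    }
    return ssl_creds;
  }

  // Builds SSL server credentials from the test certificate and key, pinned
  // to `tls_version_`. When `args` contains FAIL_AUTH_CHECK_SERVER_ARG_NAME,
  // an auth metadata processor that rejects every call is installed.
  // Returns nullptr when grpc_ssl_server_credentials_create() does.
  grpc_server_credentials* MakeServerCreds(
      const grpc_core::ChannelArgs& args) override {
    std::string server_cert =
        grpc_core::testing::GetFileContents(ServerCertPath());
    std::string server_key =
        grpc_core::testing::GetFileContents(ServerKeyPath());
    // The pair only borrows the two strings above, which stay alive until
    // this function returns.
    grpc_ssl_pem_key_cert_pair pem_key_cert_pair = {server_key.c_str(),
                                                    server_cert.c_str()};
    // Null client root certificates and force_client_auth == 0: the server
    // authenticates itself but does not require a client certificate.
    grpc_server_credentials* ssl_creds = grpc_ssl_server_credentials_create(
        nullptr, &pem_key_cert_pair, 1, 0, nullptr);
    if (ssl_creds == nullptr) {
      // Creation failed. Return before the processor setter below, which
      // would otherwise be handed a null credentials pointer.
      return nullptr;
    }
    // Pin the handshake to exactly one TLS version.
    // NOTE(review): the cast assumes the object created above is a
    // grpc_ssl_server_credentials; confirm against ssl_credentials.h.
    grpc_ssl_server_credentials* creds =
        reinterpret_cast<grpc_ssl_server_credentials*>(ssl_creds);
    creds->set_min_tls_version(tls_version_);
    creds->set_max_tls_version(tls_version_);
    if (args.Contains(FAIL_AUTH_CHECK_SERVER_ARG_NAME)) {
      // No state and no destroy hook: process_auth_failure asserts that its
      // state argument is null.
      grpc_auth_metadata_processor processor = {process_auth_failure, nullptr,
                                                nullptr};
      grpc_server_credentials_set_auth_metadata_processor(ssl_creds, processor);
    }
    return ssl_creds;
  }

  // Auth metadata processor that fails every call: it completes the check
  // immediately through `cb` with GRPC_STATUS_UNAUTHENTICATED, no consumed or
  // response metadata, and no error details.
  static void process_auth_failure(void* state, grpc_auth_context* /*ctx*/,
                                   const grpc_metadata* /*md*/,
                                   size_t /*md_count*/,
                                   grpc_process_auth_metadata_done_cb cb,
                                   void* user_data) {
    GPR_ASSERT(state == nullptr);
    cb(user_data, nullptr, 0, nullptr, 0, GRPC_STATUS_UNAUTHENTICATED, nullptr);
  }

  // TLS version used as both lower and upper bound for client and server.
  grpc_tls_version tls_version_;
};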
104 
105 #endif  // GRPC_TEST_CORE_END2END_FIXTURES_H2_SSL_TLS_COMMON_H