xref: /aosp_15_r20/external/grpc-grpc/test/core/security/alts_security_connector_test.cc (revision cc02d7e222339f7a4f6ba5f422e6413f4bd931f2) 
1 //
2 //
3 // Copyright 2018 gRPC authors.
4 //
5 // Licensed under the Apache License, Version 2.0 (the "License");
6 // you may not use this file except in compliance with the License.
7 // You may obtain a copy of the License at
8 //
9 //     http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
16 //
17 //
18 
19 #include "src/core/lib/security/security_connector/alts/alts_security_connector.h"
20 
21 #include <stdio.h>
22 #include <stdlib.h>
23 #include <string.h>
24 
25 #include <gtest/gtest.h>
26 
27 #include <grpc/grpc.h>
28 #include <grpc/support/alloc.h>
29 #include <grpc/support/log.h>
30 
31 #include "src/core/lib/gprpp/crash.h"
32 #include "src/core/lib/security/context/security_context.h"
33 #include "src/core/lib/transport/transport.h"
34 #include "src/core/tsi/alts/handshaker/alts_tsi_handshaker.h"
35 #include "src/core/tsi/transport_security.h"
36 
37 using grpc_core::internal::grpc_alts_auth_context_from_tsi_peer;
38 
39 // This file contains unit tests of grpc_alts_auth_context_from_tsi_peer().
TEST(AltsSecurityConnectorTest,InvalidInputFailure)40 TEST(AltsSecurityConnectorTest, InvalidInputFailure) {
41   grpc_core::RefCountedPtr<grpc_auth_context> ctx =
42       grpc_alts_auth_context_from_tsi_peer(nullptr);
43   ASSERT_EQ(ctx, nullptr);
44 }
45 
TEST(AltsSecurityConnectorTest,EmptyCertificateTypeFailure)46 TEST(AltsSecurityConnectorTest, EmptyCertificateTypeFailure) {
47   tsi_peer peer;
48   ASSERT_EQ(tsi_construct_peer(0, &peer), TSI_OK);
49   grpc_core::RefCountedPtr<grpc_auth_context> ctx =
50       grpc_alts_auth_context_from_tsi_peer(&peer);
51   ASSERT_EQ(ctx, nullptr);
52   tsi_peer_destruct(&peer);
53 }
54 
TEST(AltsSecurityConnectorTest,EmptyPeerPropertyFailure)55 TEST(AltsSecurityConnectorTest, EmptyPeerPropertyFailure) {
56   tsi_peer peer;
57   ASSERT_EQ(tsi_construct_peer(1, &peer), TSI_OK);
58   ASSERT_EQ(tsi_construct_string_peer_property_from_cstring(
59                 TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_ALTS_CERTIFICATE_TYPE,
60                 &peer.properties[0]),
61             TSI_OK);
62   grpc_core::RefCountedPtr<grpc_auth_context> ctx =
63       grpc_alts_auth_context_from_tsi_peer(&peer);
64   ASSERT_EQ(ctx, nullptr);
65   tsi_peer_destruct(&peer);
66 }
67 
TEST(AltsSecurityConnectorTest,MissingRpcProtocolVersionsPropertyFailure)68 TEST(AltsSecurityConnectorTest, MissingRpcProtocolVersionsPropertyFailure) {
69   tsi_peer peer;
70   ASSERT_EQ(tsi_construct_peer(kTsiAltsNumOfPeerProperties, &peer), TSI_OK);
71   ASSERT_EQ(tsi_construct_string_peer_property_from_cstring(
72                 TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_ALTS_CERTIFICATE_TYPE,
73                 &peer.properties[0]),
74             TSI_OK);
75   ASSERT_EQ(
76       tsi_construct_string_peer_property_from_cstring(
77           TSI_ALTS_SERVICE_ACCOUNT_PEER_PROPERTY, "alice", &peer.properties[1]),
78       TSI_OK);
79   grpc_core::RefCountedPtr<grpc_auth_context> ctx =
80       grpc_alts_auth_context_from_tsi_peer(&peer);
81   ASSERT_EQ(ctx, nullptr);
82   tsi_peer_destruct(&peer);
83 }
84 
TEST(AltsSecurityConnectorTest,MissingSecurityLevelPropertyFailure)85 TEST(AltsSecurityConnectorTest, MissingSecurityLevelPropertyFailure) {
86   tsi_peer peer;
87   ASSERT_EQ(tsi_construct_peer(kTsiAltsNumOfPeerProperties, &peer), TSI_OK);
88   ASSERT_EQ(tsi_construct_string_peer_property_from_cstring(
89                 TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_ALTS_CERTIFICATE_TYPE,
90                 &peer.properties[0]),
91             TSI_OK);
92   ASSERT_EQ(
93       tsi_construct_string_peer_property_from_cstring(
94           TSI_ALTS_SERVICE_ACCOUNT_PEER_PROPERTY, "alice", &peer.properties[1]),
95       TSI_OK);
96   grpc_gcp_rpc_protocol_versions peer_versions;
97   grpc_gcp_rpc_protocol_versions_set_max(&peer_versions,
98                                          GRPC_PROTOCOL_VERSION_MAX_MAJOR,
99                                          GRPC_PROTOCOL_VERSION_MAX_MINOR);
100   grpc_gcp_rpc_protocol_versions_set_min(&peer_versions,
101                                          GRPC_PROTOCOL_VERSION_MIN_MAJOR,
102                                          GRPC_PROTOCOL_VERSION_MIN_MINOR);
103   grpc_slice serialized_peer_versions;
104   ASSERT_TRUE(grpc_gcp_rpc_protocol_versions_encode(&peer_versions,
105                                                     &serialized_peer_versions));
106 
107   ASSERT_EQ(
108       tsi_construct_string_peer_property(
109           TSI_ALTS_RPC_VERSIONS,
110           reinterpret_cast<char*>(
111               GRPC_SLICE_START_PTR(serialized_peer_versions)),
112           GRPC_SLICE_LENGTH(serialized_peer_versions), &peer.properties[2]),
113       TSI_OK);
114   grpc_core::RefCountedPtr<grpc_auth_context> ctx =
115       grpc_alts_auth_context_from_tsi_peer(&peer);
116   ASSERT_EQ(ctx, nullptr);
117   grpc_slice_unref(serialized_peer_versions);
118   tsi_peer_destruct(&peer);
119 }
120 
TEST(AltsSecurityConnectorTest,UnknownPeerPropertyFailure)121 TEST(AltsSecurityConnectorTest, UnknownPeerPropertyFailure) {
122   tsi_peer peer;
123   ASSERT_EQ(tsi_construct_peer(kTsiAltsNumOfPeerProperties, &peer), TSI_OK);
124   ASSERT_EQ(tsi_construct_string_peer_property_from_cstring(
125                 TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_ALTS_CERTIFICATE_TYPE,
126                 &peer.properties[0]),
127             TSI_OK);
128   ASSERT_EQ(tsi_construct_string_peer_property_from_cstring(
129                 "unknown", "alice", &peer.properties[1]),
130             TSI_OK);
131   grpc_core::RefCountedPtr<grpc_auth_context> ctx =
132       grpc_alts_auth_context_from_tsi_peer(&peer);
133   ASSERT_EQ(ctx, nullptr);
134   tsi_peer_destruct(&peer);
135 }
136 
test_identity(const grpc_auth_context * ctx,const char * expected_property_name,const char * expected_identity)137 static bool test_identity(const grpc_auth_context* ctx,
138                           const char* expected_property_name,
139                           const char* expected_identity) {
140   grpc_auth_property_iterator it;
141   const grpc_auth_property* prop;
142   EXPECT_TRUE(grpc_auth_context_peer_is_authenticated(ctx));
143   it = grpc_auth_context_peer_identity(ctx);
144   prop = grpc_auth_property_iterator_next(&it);
145   EXPECT_NE(prop, nullptr);
146   if (strcmp(prop->name, expected_property_name) != 0) {
147     gpr_log(GPR_ERROR, "Expected peer identity property name %s and got %s.",
148             expected_property_name, prop->name);
149     return false;
150   }
151   if (strncmp(prop->value, expected_identity, prop->value_length) != 0) {
152     gpr_log(GPR_ERROR, "Expected peer identity %s and got %s.",
153             expected_identity, prop->value);
154     return false;
155   }
156   return true;
157 }
158 
TEST(AltsSecurityConnectorTest,AltsPeerToAuthContextSuccess)159 TEST(AltsSecurityConnectorTest, AltsPeerToAuthContextSuccess) {
160   tsi_peer peer;
161   ASSERT_EQ(tsi_construct_peer(kTsiAltsNumOfPeerProperties, &peer), TSI_OK);
162   ASSERT_EQ(tsi_construct_string_peer_property_from_cstring(
163                 TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_ALTS_CERTIFICATE_TYPE,
164                 &peer.properties[0]),
165             TSI_OK);
166   ASSERT_EQ(
167       tsi_construct_string_peer_property_from_cstring(
168           TSI_ALTS_SERVICE_ACCOUNT_PEER_PROPERTY, "alice", &peer.properties[1]),
169       TSI_OK);
170   grpc_gcp_rpc_protocol_versions peer_versions;
171   grpc_gcp_rpc_protocol_versions_set_max(&peer_versions,
172                                          GRPC_PROTOCOL_VERSION_MAX_MAJOR,
173                                          GRPC_PROTOCOL_VERSION_MAX_MINOR);
174   grpc_gcp_rpc_protocol_versions_set_min(&peer_versions,
175                                          GRPC_PROTOCOL_VERSION_MIN_MAJOR,
176                                          GRPC_PROTOCOL_VERSION_MIN_MINOR);
177   grpc_slice serialized_peer_versions;
178   ASSERT_TRUE(grpc_gcp_rpc_protocol_versions_encode(&peer_versions,
179                                                     &serialized_peer_versions));
180   ASSERT_EQ(
181       tsi_construct_string_peer_property(
182           TSI_ALTS_RPC_VERSIONS,
183           reinterpret_cast<char*>(
184               GRPC_SLICE_START_PTR(serialized_peer_versions)),
185           GRPC_SLICE_LENGTH(serialized_peer_versions), &peer.properties[2]),
186       TSI_OK);
187   ASSERT_EQ(tsi_construct_string_peer_property_from_cstring(
188                 TSI_SECURITY_LEVEL_PEER_PROPERTY,
189                 tsi_security_level_to_string(TSI_PRIVACY_AND_INTEGRITY),
190                 &peer.properties[3]),
191             TSI_OK);
192   char test_ctx[] = "test serialized context";
193   grpc_slice serialized_alts_ctx = grpc_slice_from_copied_string(test_ctx);
194   ASSERT_EQ(
195       tsi_construct_string_peer_property(
196           TSI_ALTS_CONTEXT,
197           reinterpret_cast<char*>(GRPC_SLICE_START_PTR(serialized_alts_ctx)),
198           GRPC_SLICE_LENGTH(serialized_alts_ctx), &peer.properties[4]),
199       TSI_OK);
200   grpc_core::RefCountedPtr<grpc_auth_context> ctx =
201       grpc_alts_auth_context_from_tsi_peer(&peer);
202   ASSERT_NE(ctx, nullptr);
203   ASSERT_TRUE(test_identity(ctx.get(), TSI_ALTS_SERVICE_ACCOUNT_PEER_PROPERTY,
204                             "alice"));
205   ctx.reset(DEBUG_LOCATION, "test");
206   grpc_slice_unref(serialized_peer_versions);
207   grpc_slice_unref(serialized_alts_ctx);
208   tsi_peer_destruct(&peer);
209 }
210 
main(int argc,char ** argv)211 int main(int argc, char** argv) {
212   ::testing::InitGoogleTest(&argc, argv);
213   return RUN_ALL_TESTS();
214 }
215