1 //
2 //
3 // Copyright 2022 gRPC authors.
4 //
5 // Licensed under the Apache License, Version 2.0 (the "License");
6 // you may not use this file except in compliance with the License.
7 // You may obtain a copy of the License at
8 //
9 // http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
16 //
17 //
18
19 #include "src/core/lib/security/credentials/channel_creds_registry.h"
20
21 #include <gmock/gmock.h>
22 #include <gtest/gtest.h>
23
24 #include "absl/types/optional.h"
25
26 #include <grpc/grpc.h>
27
28 #include "src/core/lib/config/core_configuration.h"
29 #include "src/core/lib/security/credentials/composite/composite_credentials.h"
30 #include "src/core/lib/security/credentials/fake/fake_credentials.h"
31 #include "src/core/lib/security/credentials/insecure/insecure_credentials.h"
32 #include "src/core/lib/security/credentials/tls/tls_credentials.h"
33 #include "test/core/util/test_config.h"
34
35 namespace grpc_core {
36 namespace testing {
37 namespace {
38
39 class TestChannelCredsFactory : public ChannelCredsFactory<> {
40 public:
type() const41 absl::string_view type() const override { return Type(); }
ParseConfig(const Json &,const JsonArgs &,ValidationErrors *) const42 RefCountedPtr<ChannelCredsConfig> ParseConfig(
43 const Json& /*config*/, const JsonArgs& /*args*/,
44 ValidationErrors* /*errors*/) const override {
45 return MakeRefCounted<Config>();
46 }
CreateChannelCreds(RefCountedPtr<ChannelCredsConfig>) const47 RefCountedPtr<grpc_channel_credentials> CreateChannelCreds(
48 RefCountedPtr<ChannelCredsConfig> /*config*/) const override {
49 return RefCountedPtr<grpc_channel_credentials>(
50 grpc_fake_transport_security_credentials_create());
51 }
52
53 private:
54 class Config : public ChannelCredsConfig {
55 public:
type() const56 absl::string_view type() const override { return Type(); }
Equals(const ChannelCredsConfig &) const57 bool Equals(const ChannelCredsConfig&) const override { return true; }
ToJson() const58 Json ToJson() const override { return Json::FromObject({}); }
59 };
60
Type()61 static absl::string_view Type() { return "test"; }
62 };
63
64 class ChannelCredsRegistryTest : public ::testing::Test {
65 protected:
SetUp()66 void SetUp() override { CoreConfiguration::Reset(); }
67
68 // Run a basic test for a given credential type.
69 // type is the string identifying the type in the registry.
70 // credential_type is the resulting type of the actual channel creds object;
71 // if nullopt, does not attempt to instantiate the credentials.
TestCreds(absl::string_view type,absl::optional<UniqueTypeName> credential_type,Json json=Json::FromObject ({}))72 void TestCreds(absl::string_view type,
73 absl::optional<UniqueTypeName> credential_type,
74 Json json = Json::FromObject({})) {
75 EXPECT_TRUE(
76 CoreConfiguration::Get().channel_creds_registry().IsSupported(type));
77 ValidationErrors errors;
78 auto config = CoreConfiguration::Get().channel_creds_registry().ParseConfig(
79 type, json, JsonArgs(), &errors);
80 EXPECT_TRUE(errors.ok()) << errors.message("unexpected errors");
81 ASSERT_NE(config, nullptr);
82 EXPECT_EQ(config->type(), type);
83 if (credential_type.has_value()) {
84 auto creds =
85 CoreConfiguration::Get().channel_creds_registry().CreateChannelCreds(
86 std::move(config));
87 ASSERT_NE(creds, nullptr);
88 UniqueTypeName actual_type = creds->type();
89 // If we get composite creds, unwrap them.
90 // (This happens for GoogleDefaultCreds.)
91 if (creds->type() == grpc_composite_channel_credentials::Type()) {
92 actual_type =
93 static_cast<grpc_composite_channel_credentials*>(creds.get())
94 ->inner_creds()
95 ->type();
96 }
97 EXPECT_EQ(actual_type, *credential_type)
98 << "Actual: " << actual_type.name()
99 << "\nExpected: " << credential_type->name();
100 }
101 }
102 };
103
TEST_F(ChannelCredsRegistryTest,GoogleDefaultCreds)104 TEST_F(ChannelCredsRegistryTest, GoogleDefaultCreds) {
105 // Don't actually instantiate the credentials, since that fails in
106 // some environments.
107 TestCreds("google_default", absl::nullopt);
108 }
109
TEST_F(ChannelCredsRegistryTest,InsecureCreds)110 TEST_F(ChannelCredsRegistryTest, InsecureCreds) {
111 TestCreds("insecure", InsecureCredentials::Type());
112 }
113
TEST_F(ChannelCredsRegistryTest,FakeCreds)114 TEST_F(ChannelCredsRegistryTest, FakeCreds) {
115 TestCreds("fake", grpc_fake_channel_credentials::Type());
116 }
117
TEST_F(ChannelCredsRegistryTest,TlsCredsNoConfig)118 TEST_F(ChannelCredsRegistryTest, TlsCredsNoConfig) {
119 TestCreds("tls", TlsCredentials::Type());
120 }
121
TEST_F(ChannelCredsRegistryTest,TlsCredsFullConfig)122 TEST_F(ChannelCredsRegistryTest, TlsCredsFullConfig) {
123 Json json = Json::FromObject({
124 {"certificate_file", Json::FromString("/path/to/cert_file")},
125 {"private_key_file", Json::FromString("/path/to/private_key_file")},
126 {"ca_certificate_file", Json::FromString("/path/to/ca_cert_file")},
127 {"refresh_interval", Json::FromString("1s")},
128 });
129 TestCreds("tls", TlsCredentials::Type(), json);
130 }
131
TEST_F(ChannelCredsRegistryTest,TlsCredsConfigInvalid)132 TEST_F(ChannelCredsRegistryTest, TlsCredsConfigInvalid) {
133 Json json = Json::FromObject({
134 {"certificate_file", Json::FromObject({})},
135 {"private_key_file", Json::FromArray({})},
136 {"ca_certificate_file", Json::FromBool(true)},
137 {"refresh_interval", Json::FromNumber(1)},
138 });
139 ValidationErrors errors;
140 auto config = CoreConfiguration::Get().channel_creds_registry().ParseConfig(
141 "tls", json, JsonArgs(), &errors);
142 EXPECT_EQ(errors.message("errors"),
143 "errors: ["
144 "field:ca_certificate_file error:is not a string; "
145 "field:certificate_file error:is not a string; "
146 "field:private_key_file error:is not a string; "
147 "field:refresh_interval error:is not a string]");
148 }
149
TEST_F(ChannelCredsRegistryTest,Register)150 TEST_F(ChannelCredsRegistryTest, Register) {
151 // Before registration.
152 EXPECT_FALSE(
153 CoreConfiguration::Get().channel_creds_registry().IsSupported("test"));
154 ValidationErrors errors;
155 auto config = CoreConfiguration::Get().channel_creds_registry().ParseConfig(
156 "test", Json::FromObject({}), JsonArgs(), &errors);
157 EXPECT_TRUE(errors.ok()) << errors.message("unexpected errors");
158 EXPECT_EQ(config, nullptr);
159 auto creds =
160 CoreConfiguration::Get().channel_creds_registry().CreateChannelCreds(
161 std::move(config));
162 EXPECT_EQ(creds, nullptr);
163 // Registration.
164 CoreConfiguration::WithSubstituteBuilder builder(
165 [](CoreConfiguration::Builder* builder) {
166 BuildCoreConfiguration(builder);
167 builder->channel_creds_registry()->RegisterChannelCredsFactory(
168 std::make_unique<TestChannelCredsFactory>());
169 });
170 // After registration.
171 EXPECT_TRUE(
172 CoreConfiguration::Get().channel_creds_registry().IsSupported("test"));
173 config = CoreConfiguration::Get().channel_creds_registry().ParseConfig(
174 "test", Json::FromObject({}), JsonArgs(), &errors);
175 EXPECT_TRUE(errors.ok()) << errors.message("unexpected errors");
176 EXPECT_NE(config, nullptr);
177 EXPECT_EQ(config->type(), "test");
178 creds = CoreConfiguration::Get().channel_creds_registry().CreateChannelCreds(
179 std::move(config));
180 ASSERT_NE(creds, nullptr);
181 EXPECT_EQ(creds->type(), grpc_fake_channel_credentials::Type());
182 }
183
184 } // namespace
185 } // namespace testing
186 } // namespace grpc_core
187
main(int argc,char ** argv)188 int main(int argc, char** argv) {
189 ::testing::InitGoogleTest(&argc, argv);
190 grpc::testing::TestEnvironment env(&argc, argv);
191 grpc_init();
192 auto result = RUN_ALL_TESTS();
193 grpc_shutdown();
194 return result;
195 }
196