1 // Copyright 2021 gRPC authors.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 #include "src/core/lib/security/authorization/evaluate_args.h"
16
17 #include <gmock/gmock.h>
18 #include <gtest/gtest.h>
19
20 #include <grpc/support/port_platform.h>
21
22 #include "src/core/lib/address_utils/sockaddr_utils.h"
23 #include "test/core/util/evaluate_args_test_util.h"
24 #include "test/core/util/test_config.h"
25
26 namespace grpc_core {
27
// Fixture shared by every test in this file. A test feeds metadata, endpoints
// or auth-context properties into util_ and then builds the EvaluateArgs under
// test from it.
class EvaluateArgsTest : public ::testing::Test {
 protected:
  // Collects the inputs and hands out EvaluateArgs via MakeEvaluateArgs().
  EvaluateArgsTestUtil util_;
};
32
// With no metadata added, the pseudo-header accessors yield empty strings and
// a header lookup reports "no value" rather than an empty string.
TEST_F(EvaluateArgsTest, EmptyMetadata) {
  EvaluateArgs eval_args = util_.MakeEvaluateArgs();
  EXPECT_TRUE(eval_args.GetPath().empty());
  EXPECT_TRUE(eval_args.GetMethod().empty());
  EXPECT_TRUE(eval_args.GetAuthority().empty());
  // The concatenation buffer is passed as nullptr here; the lookup is for a
  // key that was never added.
  EXPECT_FALSE(eval_args.GetHeaderValue("some_key", nullptr).has_value());
}
40
// The ":path" pseudo-header is returned unchanged by GetPath().
TEST_F(EvaluateArgsTest, GetPathSuccess) {
  constexpr char kPath[] = "/expected/path";
  util_.AddPairToMetadata(":path", kPath);
  EvaluateArgs eval_args = util_.MakeEvaluateArgs();
  EXPECT_EQ(eval_args.GetPath(), kPath);
}
46
// The ":authority" pseudo-header is returned unchanged by GetAuthority().
TEST_F(EvaluateArgsTest, GetAuthoritySuccess) {
  constexpr char kAuthority[] = "test.google.com";
  util_.AddPairToMetadata(":authority", kAuthority);
  EvaluateArgs eval_args = util_.MakeEvaluateArgs();
  EXPECT_EQ(eval_args.GetAuthority(), kAuthority);
}
52
// The ":method" pseudo-header is returned unchanged by GetMethod().
TEST_F(EvaluateArgsTest, GetMethodSuccess) {
  constexpr char kMethod[] = "GET";
  util_.AddPairToMetadata(":method", kMethod);
  EvaluateArgs eval_args = util_.MakeEvaluateArgs();
  EXPECT_EQ(eval_args.GetMethod(), kMethod);
}
58
// A plain (non-pseudo) header that was added once is found by name and its
// value is returned as-is.
TEST_F(EvaluateArgsTest, GetHeaderValueSuccess) {
  util_.AddPairToMetadata("key123", "value123");
  EvaluateArgs eval_args = util_.MakeEvaluateArgs();
  // Scratch buffer handed to GetHeaderValue(); its contents are not inspected
  // by this test.
  std::string scratch;
  absl::optional<absl::string_view> header =
      eval_args.GetHeaderValue("key123", &scratch);
  // ASSERT so the dereference below never runs on an empty optional.
  ASSERT_TRUE(header.has_value());
  EXPECT_EQ(*header, "value123");
}
68
// Looking up "host" returns the value of ":authority". A policy that matches
// on the "host" header name is therefore evaluated against the authority
// pseudo-header; no literal "host" entry is added in this test.
TEST_F(EvaluateArgsTest, GetHeaderValueAliasesHost) {
  constexpr char kAuthority[] = "test.google.com";
  util_.AddPairToMetadata(":authority", kAuthority);
  EvaluateArgs eval_args = util_.MakeEvaluateArgs();
  std::string scratch;
  absl::optional<absl::string_view> host =
      eval_args.GetHeaderValue("host", &scratch);
  // ASSERT so the dereference below never runs on an empty optional.
  ASSERT_TRUE(host.has_value());
  EXPECT_EQ(*host, kAuthority);
}
78
// Local endpoint given as an IPv6 URI: the resolved address, the address
// string and the port are all exposed.
//
// Note the two spellings checked below: the URI rebuilt from the resolved
// sockaddr is compressed and percent-encoded, while GetLocalAddressString()
// returns the uncompressed text that was configured. Code that compares
// address strings should not assume a canonical form.
TEST_F(EvaluateArgsTest, TestLocalAddressAndPort) {
  util_.SetLocalEndpoint("ipv6:[2001:0db8:85a3:0000:0000:8a2e:0370:7334]:456");
  EvaluateArgs eval_args = util_.MakeEvaluateArgs();

  grpc_resolved_address resolved_local = eval_args.GetLocalAddress();
  EXPECT_EQ(grpc_sockaddr_to_uri(&resolved_local).value(),
            "ipv6:%5B2001:db8:85a3::8a2e:370:7334%5D:456");

  EXPECT_EQ(eval_args.GetLocalAddressString(),
            "2001:0db8:85a3:0000:0000:8a2e:0370:7334");
  EXPECT_EQ(eval_args.GetLocalPort(), 456);
}
89
// Peer endpoint given as an IPv4 URI: the resolved address round-trips to the
// same URI, and the address string and port are exposed separately.
TEST_F(EvaluateArgsTest, TestPeerAddressAndPort) {
  util_.SetPeerEndpoint("ipv4:255.255.255.255:123");
  EvaluateArgs eval_args = util_.MakeEvaluateArgs();

  grpc_resolved_address resolved_peer = eval_args.GetPeerAddress();
  EXPECT_EQ(grpc_sockaddr_to_uri(&resolved_peer).value(),
            "ipv4:255.255.255.255:123");

  EXPECT_EQ(eval_args.GetPeerAddressString(), "255.255.255.255");
  EXPECT_EQ(eval_args.GetPeerPort(), 123);
}
99
// With no auth-context properties added, every identity accessor returns an
// empty value. Callers have to treat "empty" as "no authenticated identity".
TEST_F(EvaluateArgsTest, EmptyAuthContext) {
  EvaluateArgs eval_args = util_.MakeEvaluateArgs();
  EXPECT_THAT(eval_args.GetTransportSecurityType(), ::testing::IsEmpty());
  EXPECT_THAT(eval_args.GetSpiffeId(), ::testing::IsEmpty());
  EXPECT_THAT(eval_args.GetUriSans(), ::testing::IsEmpty());
  EXPECT_THAT(eval_args.GetDnsSans(), ::testing::IsEmpty());
  EXPECT_THAT(eval_args.GetSubject(), ::testing::IsEmpty());
  EXPECT_THAT(eval_args.GetCommonName(), ::testing::IsEmpty());
}
109
// A single transport-security-type property is returned unchanged.
TEST_F(EvaluateArgsTest, GetTransportSecurityTypeSuccessOneProperty) {
  constexpr char kSecurityType[] = "ssl";
  util_.AddPropertyToAuthContext(GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME,
                                 kSecurityType);
  EvaluateArgs eval_args = util_.MakeEvaluateArgs();
  EXPECT_EQ(eval_args.GetTransportSecurityType(), kSecurityType);
}
116
// Two transport-security-type properties are ambiguous: the accessor returns
// an empty value instead of picking either one.
TEST_F(EvaluateArgsTest, GetTransportSecurityTypeFailDuplicateProperty) {
  for (const char* security_type : {"type1", "type2"}) {
    util_.AddPropertyToAuthContext(GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME,
                                   security_type);
  }
  EvaluateArgs eval_args = util_.MakeEvaluateArgs();
  EXPECT_THAT(eval_args.GetTransportSecurityType(), ::testing::IsEmpty());
}
125
// A single SPIFFE ID property is returned unchanged.
TEST_F(EvaluateArgsTest, GetSpiffeIdSuccessOneProperty) {
  constexpr char kSpiffeId[] = "id123";
  util_.AddPropertyToAuthContext(GRPC_PEER_SPIFFE_ID_PROPERTY_NAME, kSpiffeId);
  EvaluateArgs eval_args = util_.MakeEvaluateArgs();
  EXPECT_EQ(eval_args.GetSpiffeId(), kSpiffeId);
}
131
// Two SPIFFE ID properties are ambiguous: the accessor returns an empty value
// rather than one of the candidates, so a principal matcher never sees an
// arbitrarily chosen identity. How an empty identity is handled is decided by
// whatever consumes it.
TEST_F(EvaluateArgsTest, GetSpiffeIdFailDuplicateProperty) {
  for (const char* spiffe_id : {"id123", "id456"}) {
    util_.AddPropertyToAuthContext(GRPC_PEER_SPIFFE_ID_PROPERTY_NAME,
                                   spiffe_id);
  }
  EvaluateArgs eval_args = util_.MakeEvaluateArgs();
  EXPECT_THAT(eval_args.GetSpiffeId(), ::testing::IsEmpty());
}
138
// URI SANs are multi-valued: every property is returned, in insertion order.
TEST_F(EvaluateArgsTest, GetUriSanSuccessMultipleProperties) {
  for (const char* uri_san : {"foo", "bar"}) {
    util_.AddPropertyToAuthContext(GRPC_PEER_URI_PROPERTY_NAME, uri_san);
  }
  EvaluateArgs eval_args = util_.MakeEvaluateArgs();
  EXPECT_THAT(eval_args.GetUriSans(), ::testing::ElementsAre("foo", "bar"));
}
145
// DNS SANs are multi-valued: every property is returned, in insertion order.
TEST_F(EvaluateArgsTest, GetDnsSanSuccessMultipleProperties) {
  for (const char* dns_san : {"foo", "bar"}) {
    util_.AddPropertyToAuthContext(GRPC_PEER_DNS_PROPERTY_NAME, dns_san);
  }
  EvaluateArgs eval_args = util_.MakeEvaluateArgs();
  EXPECT_THAT(eval_args.GetDnsSans(), ::testing::ElementsAre("foo", "bar"));
}
152
// A single X.509 common-name property is returned unchanged.
TEST_F(EvaluateArgsTest, GetCommonNameSuccessOneProperty) {
  constexpr char kCommonName[] = "server123";
  util_.AddPropertyToAuthContext(GRPC_X509_CN_PROPERTY_NAME, kCommonName);
  EvaluateArgs eval_args = util_.MakeEvaluateArgs();
  EXPECT_EQ(eval_args.GetCommonName(), kCommonName);
}
158
// Two common-name properties are ambiguous: the accessor returns an empty
// value instead of choosing one of them.
TEST_F(EvaluateArgsTest, GetCommonNameFailDuplicateProperty) {
  for (const char* common_name : {"server123", "server456"}) {
    util_.AddPropertyToAuthContext(GRPC_X509_CN_PROPERTY_NAME, common_name);
  }
  EvaluateArgs eval_args = util_.MakeEvaluateArgs();
  EXPECT_THAT(eval_args.GetCommonName(), ::testing::IsEmpty());
}
165
// A single X.509 subject property is returned unchanged, as the full
// distinguished-name string.
TEST_F(EvaluateArgsTest, GetSubjectSuccessOneProperty) {
  constexpr char kSubject[] = "CN=abc,OU=Google";
  util_.AddPropertyToAuthContext(GRPC_X509_SUBJECT_PROPERTY_NAME, kSubject);
  EvaluateArgs eval_args = util_.MakeEvaluateArgs();
  EXPECT_EQ(eval_args.GetSubject(), kSubject);
}
172
// Two subject properties are ambiguous: the accessor returns an empty value
// instead of choosing one of them.
TEST_F(EvaluateArgsTest, GetSubjectFailDuplicateProperty) {
  for (const char* subject : {"CN=abc,OU=Google", "CN=def,OU=Google"}) {
    util_.AddPropertyToAuthContext(GRPC_X509_SUBJECT_PROPERTY_NAME, subject);
  }
  EvaluateArgs eval_args = util_.MakeEvaluateArgs();
  EXPECT_THAT(eval_args.GetSubject(), ::testing::IsEmpty());
}
181
182 } // namespace grpc_core
183
// Test entry point: sets up the gRPC test environment and googletest, then
// runs every registered test between grpc_init() and grpc_shutdown().
int main(int argc, char** argv) {
  grpc::testing::TestEnvironment env(&argc, argv);
  ::testing::InitGoogleTest(&argc, argv);
  grpc_init();
  // Keep the result so grpc_shutdown() still runs before the process exits.
  const int test_status = RUN_ALL_TESTS();
  grpc_shutdown();
  return test_status;
}
192