1 /*
2  *
3  * Copyright 2018 gRPC authors.
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  *     http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 #include <stdio.h>
20 #include <stdlib.h>
21 #include <string.h>
22 
23 #include <grpc/grpc.h>
24 #include <grpc/support/alloc.h>
25 #include <grpc/support/log.h>
26 
27 #include "src/core/lib/security/security_connector/alts_security_connector.h"
28 #include "src/core/lib/transport/transport.h"
29 #include "src/core/tsi/alts/handshaker/alts_tsi_handshaker.h"
30 #include "src/core/tsi/transport_security.h"
31 
32 using grpc_core::internal::grpc_alts_auth_context_from_tsi_peer;
33 
34 /* This file contains unit tests of grpc_alts_auth_context_from_tsi_peer(). */
test_invalid_input_failure()35 static void test_invalid_input_failure() {
36   tsi_peer peer;
37   grpc_auth_context* ctx;
38   GPR_ASSERT(grpc_alts_auth_context_from_tsi_peer(nullptr, &ctx) ==
39              GRPC_SECURITY_ERROR);
40   GPR_ASSERT(grpc_alts_auth_context_from_tsi_peer(&peer, nullptr) ==
41              GRPC_SECURITY_ERROR);
42 }
43 
test_empty_certificate_type_failure()44 static void test_empty_certificate_type_failure() {
45   tsi_peer peer;
46   grpc_auth_context* ctx = nullptr;
47   GPR_ASSERT(tsi_construct_peer(0, &peer) == TSI_OK);
48   GPR_ASSERT(grpc_alts_auth_context_from_tsi_peer(&peer, &ctx) ==
49              GRPC_SECURITY_ERROR);
50   GPR_ASSERT(ctx == nullptr);
51   tsi_peer_destruct(&peer);
52 }
53 
test_empty_peer_property_failure()54 static void test_empty_peer_property_failure() {
55   tsi_peer peer;
56   grpc_auth_context* ctx;
57   GPR_ASSERT(tsi_construct_peer(1, &peer) == TSI_OK);
58   GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
59                  TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_ALTS_CERTIFICATE_TYPE,
60                  &peer.properties[0]) == TSI_OK);
61   GPR_ASSERT(grpc_alts_auth_context_from_tsi_peer(&peer, &ctx) ==
62              GRPC_SECURITY_ERROR);
63   GPR_ASSERT(ctx == nullptr);
64   tsi_peer_destruct(&peer);
65 }
66 
test_missing_rpc_protocol_versions_property_failure()67 static void test_missing_rpc_protocol_versions_property_failure() {
68   tsi_peer peer;
69   grpc_auth_context* ctx;
70   GPR_ASSERT(tsi_construct_peer(kTsiAltsNumOfPeerProperties, &peer) == TSI_OK);
71   GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
72                  TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_ALTS_CERTIFICATE_TYPE,
73                  &peer.properties[0]) == TSI_OK);
74   GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
75                  TSI_ALTS_SERVICE_ACCOUNT_PEER_PROPERTY, "alice",
76                  &peer.properties[1]) == TSI_OK);
77   GPR_ASSERT(grpc_alts_auth_context_from_tsi_peer(&peer, &ctx) ==
78              GRPC_SECURITY_ERROR);
79   GPR_ASSERT(ctx == nullptr);
80   tsi_peer_destruct(&peer);
81 }
82 
test_unknown_peer_property_failure()83 static void test_unknown_peer_property_failure() {
84   tsi_peer peer;
85   grpc_auth_context* ctx;
86   GPR_ASSERT(tsi_construct_peer(kTsiAltsNumOfPeerProperties, &peer) == TSI_OK);
87   GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
88                  TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_ALTS_CERTIFICATE_TYPE,
89                  &peer.properties[0]) == TSI_OK);
90   GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
91                  "unknown", "alice", &peer.properties[1]) == TSI_OK);
92   GPR_ASSERT(grpc_alts_auth_context_from_tsi_peer(&peer, &ctx) ==
93              GRPC_SECURITY_ERROR);
94   GPR_ASSERT(ctx == nullptr);
95   tsi_peer_destruct(&peer);
96 }
97 
test_identity(const grpc_auth_context * ctx,const char * expected_property_name,const char * expected_identity)98 static bool test_identity(const grpc_auth_context* ctx,
99                           const char* expected_property_name,
100                           const char* expected_identity) {
101   grpc_auth_property_iterator it;
102   const grpc_auth_property* prop;
103   GPR_ASSERT(grpc_auth_context_peer_is_authenticated(ctx));
104   it = grpc_auth_context_peer_identity(ctx);
105   prop = grpc_auth_property_iterator_next(&it);
106   GPR_ASSERT(prop != nullptr);
107   if (strcmp(prop->name, expected_property_name) != 0) {
108     gpr_log(GPR_ERROR, "Expected peer identity property name %s and got %s.",
109             expected_property_name, prop->name);
110     return false;
111   }
112   if (strncmp(prop->value, expected_identity, prop->value_length) != 0) {
113     gpr_log(GPR_ERROR, "Expected peer identity %s and got got %s.",
114             expected_identity, prop->value);
115     return false;
116   }
117   return true;
118 }
119 
test_alts_peer_to_auth_context_success()120 static void test_alts_peer_to_auth_context_success() {
121   tsi_peer peer;
122   grpc_auth_context* ctx;
123   GPR_ASSERT(tsi_construct_peer(kTsiAltsNumOfPeerProperties, &peer) == TSI_OK);
124   GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
125                  TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_ALTS_CERTIFICATE_TYPE,
126                  &peer.properties[0]) == TSI_OK);
127   GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
128                  TSI_ALTS_SERVICE_ACCOUNT_PEER_PROPERTY, "alice",
129                  &peer.properties[1]) == TSI_OK);
130   grpc_gcp_rpc_protocol_versions peer_versions;
131   grpc_gcp_rpc_protocol_versions_set_max(&peer_versions,
132                                          GRPC_PROTOCOL_VERSION_MAX_MAJOR,
133                                          GRPC_PROTOCOL_VERSION_MAX_MINOR);
134   grpc_gcp_rpc_protocol_versions_set_min(&peer_versions,
135                                          GRPC_PROTOCOL_VERSION_MIN_MAJOR,
136                                          GRPC_PROTOCOL_VERSION_MIN_MINOR);
137   grpc_slice serialized_peer_versions;
138   GPR_ASSERT(grpc_gcp_rpc_protocol_versions_encode(&peer_versions,
139                                                    &serialized_peer_versions));
140 
141   GPR_ASSERT(tsi_construct_string_peer_property(
142                  TSI_ALTS_RPC_VERSIONS,
143                  reinterpret_cast<char*>(
144                      GRPC_SLICE_START_PTR(serialized_peer_versions)),
145                  GRPC_SLICE_LENGTH(serialized_peer_versions),
146                  &peer.properties[2]) == TSI_OK);
147   GPR_ASSERT(grpc_alts_auth_context_from_tsi_peer(&peer, &ctx) ==
148              GRPC_SECURITY_OK);
149   GPR_ASSERT(
150       test_identity(ctx, TSI_ALTS_SERVICE_ACCOUNT_PEER_PROPERTY, "alice"));
151   GRPC_AUTH_CONTEXT_UNREF(ctx, "test");
152   grpc_slice_unref(serialized_peer_versions);
153   tsi_peer_destruct(&peer);
154 }
155 
main(int argc,char ** argv)156 int main(int argc, char** argv) {
157   /* Test. */
158   test_invalid_input_failure();
159   test_empty_certificate_type_failure();
160   test_empty_peer_property_failure();
161   test_unknown_peer_property_failure();
162   test_missing_rpc_protocol_versions_property_failure();
163   test_alts_peer_to_auth_context_success();
164 
165   return 0;
166 }
167