1 /* 2 * 3 * Copyright 2015 gRPC authors. 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 * 17 */ 18 19 #include "test/core/end2end/end2end_tests.h" 20 21 #include <stdio.h> 22 #include <string.h> 23 24 #include <grpc/support/alloc.h> 25 #include <grpc/support/log.h> 26 27 #include "src/core/lib/channel/channel_args.h" 28 #include "src/core/lib/gpr/host_port.h" 29 #include "src/core/lib/iomgr/iomgr.h" 30 #include "src/core/lib/security/credentials/credentials.h" 31 #include "test/core/end2end/data/ssl_test_data.h" 32 #include "test/core/util/port.h" 33 #include "test/core/util/test_config.h" 34 35 static const char oauth2_md[] = "Bearer aaslkfjs424535asdf"; 36 static const char* client_identity_property_name = "smurf_name"; 37 static const char* client_identity = "Brainy Smurf"; 38 39 typedef struct fullstack_secure_fixture_data { 40 char* localaddr; 41 } fullstack_secure_fixture_data; 42 43 static const grpc_metadata* find_metadata(const grpc_metadata* md, 44 size_t md_count, const char* key, 45 const char* value) { 46 size_t i; 47 for (i = 0; i < md_count; i++) { 48 if (grpc_slice_str_cmp(md[i].key, key) == 0 && 49 grpc_slice_str_cmp(md[i].value, value) == 0) { 50 return &md[i]; 51 } 52 } 53 return nullptr; 54 } 55 56 typedef struct { 57 size_t pseudo_refcount; 58 } test_processor_state; 59 60 static void process_oauth2_success(void* state, grpc_auth_context* ctx, 61 const grpc_metadata* md, size_t md_count, 62 grpc_process_auth_metadata_done_cb cb, 63 void* user_data) { 64 const grpc_metadata* oauth2 = 65 find_metadata(md, md_count, "authorization", oauth2_md); 66 test_processor_state* s; 67 68 GPR_ASSERT(state != nullptr); 69 s = static_cast<test_processor_state*>(state); 70 GPR_ASSERT(s->pseudo_refcount == 1); 71 GPR_ASSERT(oauth2 != nullptr); 72 grpc_auth_context_add_cstring_property(ctx, client_identity_property_name, 73 client_identity); 74 GPR_ASSERT(grpc_auth_context_set_peer_identity_property_name( 75 ctx, client_identity_property_name) == 1); 76 cb(user_data, oauth2, 1, nullptr, 0, GRPC_STATUS_OK, nullptr); 77 } 78 79 static void process_oauth2_failure(void* state, grpc_auth_context* ctx, 80 const grpc_metadata* md, size_t md_count, 81 grpc_process_auth_metadata_done_cb cb, 82 void* user_data) { 83 const grpc_metadata* oauth2 = 84 find_metadata(md, md_count, "authorization", oauth2_md); 85 test_processor_state* s; 86 GPR_ASSERT(state != nullptr); 87 s = static_cast<test_processor_state*>(state); 88 GPR_ASSERT(s->pseudo_refcount == 1); 89 GPR_ASSERT(oauth2 != nullptr); 90 cb(user_data, oauth2, 1, nullptr, 0, GRPC_STATUS_UNAUTHENTICATED, nullptr); 91 } 92 93 static grpc_end2end_test_fixture chttp2_create_fixture_secure_fullstack( 94 grpc_channel_args* client_args, grpc_channel_args* server_args) { 95 grpc_end2end_test_fixture f; 96 int port = grpc_pick_unused_port_or_die(); 97 fullstack_secure_fixture_data* ffd = 98 static_cast<fullstack_secure_fixture_data*>( 99 gpr_malloc(sizeof(fullstack_secure_fixture_data))); 100 memset(&f, 0, sizeof(f)); 101 102 gpr_join_host_port(&ffd->localaddr, "localhost", port); 103 104 f.fixture_data = ffd; 105 f.cq = grpc_completion_queue_create_for_next(nullptr); 106 f.shutdown_cq = grpc_completion_queue_create_for_pluck(nullptr); 107 108 return f; 109 } 110 111 static void chttp2_init_client_secure_fullstack( 112 grpc_end2end_test_fixture* f, grpc_channel_args* client_args, 113 grpc_channel_credentials* creds) { 114 fullstack_secure_fixture_data* ffd = 115 static_cast<fullstack_secure_fixture_data*>(f->fixture_data); 116 f->client = 117 grpc_secure_channel_create(creds, ffd->localaddr, client_args, nullptr); 118 GPR_ASSERT(f->client != nullptr); 119 grpc_channel_credentials_release(creds); 120 } 121 122 static void chttp2_init_server_secure_fullstack( 123 grpc_end2end_test_fixture* f, grpc_channel_args* server_args, 124 grpc_server_credentials* server_creds) { 125 fullstack_secure_fixture_data* ffd = 126 static_cast<fullstack_secure_fixture_data*>(f->fixture_data); 127 if (f->server) { 128 grpc_server_destroy(f->server); 129 } 130 f->server = grpc_server_create(server_args, nullptr); 131 grpc_server_register_completion_queue(f->server, f->cq, nullptr); 132 GPR_ASSERT(grpc_server_add_secure_http2_port(f->server, ffd->localaddr, 133 server_creds)); 134 grpc_server_credentials_release(server_creds); 135 grpc_server_start(f->server); 136 } 137 138 void chttp2_tear_down_secure_fullstack(grpc_end2end_test_fixture* f) { 139 fullstack_secure_fixture_data* ffd = 140 static_cast<fullstack_secure_fixture_data*>(f->fixture_data); 141 gpr_free(ffd->localaddr); 142 gpr_free(ffd); 143 } 144 145 static void chttp2_init_client_simple_ssl_with_oauth2_secure_fullstack( 146 grpc_end2end_test_fixture* f, grpc_channel_args* client_args) { 147 grpc_core::ExecCtx exec_ctx; 148 grpc_channel_credentials* ssl_creds = 149 grpc_ssl_credentials_create(test_root_cert, nullptr, nullptr, nullptr); 150 grpc_call_credentials* oauth2_creds = grpc_md_only_test_credentials_create( 151 "authorization", oauth2_md, true /* is_async */); 152 grpc_channel_credentials* ssl_oauth2_creds = 153 grpc_composite_channel_credentials_create(ssl_creds, oauth2_creds, 154 nullptr); 155 grpc_arg ssl_name_override = { 156 GRPC_ARG_STRING, 157 const_cast<char*>(GRPC_SSL_TARGET_NAME_OVERRIDE_ARG), 158 {const_cast<char*>("foo.test.google.fr")}}; 159 grpc_channel_args* new_client_args = 160 grpc_channel_args_copy_and_add(client_args, &ssl_name_override, 1); 161 chttp2_init_client_secure_fullstack(f, new_client_args, ssl_oauth2_creds); 162 grpc_channel_args_destroy(new_client_args); 163 grpc_channel_credentials_release(ssl_creds); 164 grpc_call_credentials_release(oauth2_creds); 165 } 166 167 static int fail_server_auth_check(grpc_channel_args* server_args) { 168 size_t i; 169 if (server_args == nullptr) return 0; 170 for (i = 0; i < server_args->num_args; i++) { 171 if (strcmp(server_args->args[i].key, FAIL_AUTH_CHECK_SERVER_ARG_NAME) == 172 0) { 173 return 1; 174 } 175 } 176 return 0; 177 } 178 179 static void processor_destroy(void* state) { 180 test_processor_state* s = static_cast<test_processor_state*>(state); 181 GPR_ASSERT((s->pseudo_refcount--) == 1); 182 gpr_free(s); 183 } 184 185 static grpc_auth_metadata_processor test_processor_create(int failing) { 186 test_processor_state* s = 187 static_cast<test_processor_state*>(gpr_malloc(sizeof(*s))); 188 grpc_auth_metadata_processor result; 189 s->pseudo_refcount = 1; 190 result.state = s; 191 result.destroy = processor_destroy; 192 if (failing) { 193 result.process = process_oauth2_failure; 194 } else { 195 result.process = process_oauth2_success; 196 } 197 return result; 198 } 199 200 static void chttp2_init_server_simple_ssl_secure_fullstack( 201 grpc_end2end_test_fixture* f, grpc_channel_args* server_args) { 202 grpc_ssl_pem_key_cert_pair pem_key_cert_pair = {test_server1_key, 203 test_server1_cert}; 204 grpc_server_credentials* ssl_creds = grpc_ssl_server_credentials_create( 205 nullptr, &pem_key_cert_pair, 1, 0, nullptr); 206 grpc_server_credentials_set_auth_metadata_processor( 207 ssl_creds, test_processor_create(fail_server_auth_check(server_args))); 208 chttp2_init_server_secure_fullstack(f, server_args, ssl_creds); 209 } 210 211 /* All test configurations */ 212 213 static grpc_end2end_test_config configs[] = { 214 {"chttp2/simple_ssl_with_oauth2_fullstack", 215 FEATURE_MASK_SUPPORTS_DELAYED_CONNECTION | 216 FEATURE_MASK_SUPPORTS_PER_CALL_CREDENTIALS | 217 FEATURE_MASK_SUPPORTS_CLIENT_CHANNEL | 218 FEATURE_MASK_SUPPORTS_AUTHORITY_HEADER, 219 "foo.test.google.fr", chttp2_create_fixture_secure_fullstack, 220 chttp2_init_client_simple_ssl_with_oauth2_secure_fullstack, 221 chttp2_init_server_simple_ssl_secure_fullstack, 222 chttp2_tear_down_secure_fullstack}, 223 }; 224 225 int main(int argc, char** argv) { 226 size_t i; 227 grpc_test_init(argc, argv); 228 grpc_end2end_tests_pre_init(); 229 grpc_init(); 230 231 for (i = 0; i < sizeof(configs) / sizeof(*configs); i++) { 232 grpc_end2end_tests(argc, argv, configs[i]); 233 } 234 235 grpc_shutdown(); 236 237 return 0; 238 } 239