1*cc02d7e2SAndroid Build Coastguard Worker //
2*cc02d7e2SAndroid Build Coastguard Worker // Copyright 2020 gRPC authors.
3*cc02d7e2SAndroid Build Coastguard Worker //
4*cc02d7e2SAndroid Build Coastguard Worker // Licensed under the Apache License, Version 2.0 (the "License");
5*cc02d7e2SAndroid Build Coastguard Worker // you may not use this file except in compliance with the License.
6*cc02d7e2SAndroid Build Coastguard Worker // You may obtain a copy of the License at
7*cc02d7e2SAndroid Build Coastguard Worker //
8*cc02d7e2SAndroid Build Coastguard Worker // http://www.apache.org/licenses/LICENSE-2.0
9*cc02d7e2SAndroid Build Coastguard Worker //
10*cc02d7e2SAndroid Build Coastguard Worker // Unless required by applicable law or agreed to in writing, software
11*cc02d7e2SAndroid Build Coastguard Worker // distributed under the License is distributed on an "AS IS" BASIS,
12*cc02d7e2SAndroid Build Coastguard Worker // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13*cc02d7e2SAndroid Build Coastguard Worker // See the License for the specific language governing permissions and
14*cc02d7e2SAndroid Build Coastguard Worker // limitations under the License.
15*cc02d7e2SAndroid Build Coastguard Worker //
16*cc02d7e2SAndroid Build Coastguard Worker
17*cc02d7e2SAndroid Build Coastguard Worker #include <memory>
18*cc02d7e2SAndroid Build Coastguard Worker
19*cc02d7e2SAndroid Build Coastguard Worker #include <gtest/gtest.h>
20*cc02d7e2SAndroid Build Coastguard Worker
21*cc02d7e2SAndroid Build Coastguard Worker #include <grpc/grpc.h>
22*cc02d7e2SAndroid Build Coastguard Worker #include <grpc/grpc_crl_provider.h>
23*cc02d7e2SAndroid Build Coastguard Worker #include <grpc/grpc_security.h>
24*cc02d7e2SAndroid Build Coastguard Worker #include <grpcpp/security/server_credentials.h>
25*cc02d7e2SAndroid Build Coastguard Worker #include <grpcpp/security/tls_credentials_options.h>
26*cc02d7e2SAndroid Build Coastguard Worker #include <grpcpp/security/tls_crl_provider.h>
27*cc02d7e2SAndroid Build Coastguard Worker
28*cc02d7e2SAndroid Build Coastguard Worker #include "test/core/util/test_config.h"
29*cc02d7e2SAndroid Build Coastguard Worker #include "test/cpp/util/tls_test_utils.h"
30*cc02d7e2SAndroid Build Coastguard Worker
31*cc02d7e2SAndroid Build Coastguard Worker #define CA_CERT_PATH "src/core/tsi/test_creds/ca.pem"
32*cc02d7e2SAndroid Build Coastguard Worker #define SERVER_CERT_PATH "src/core/tsi/test_creds/server1.pem"
33*cc02d7e2SAndroid Build Coastguard Worker #define SERVER_KEY_PATH "src/core/tsi/test_creds/server1.key"
34*cc02d7e2SAndroid Build Coastguard Worker #define CRL_DIR_PATH "test/core/tsi/test_creds/crl_data/crls"
35*cc02d7e2SAndroid Build Coastguard Worker
36*cc02d7e2SAndroid Build Coastguard Worker namespace {
37*cc02d7e2SAndroid Build Coastguard Worker
38*cc02d7e2SAndroid Build Coastguard Worker constexpr const char* kRootCertName = "root_cert_name";
39*cc02d7e2SAndroid Build Coastguard Worker constexpr const char* kRootCertContents = "root_cert_contents";
40*cc02d7e2SAndroid Build Coastguard Worker constexpr const char* kIdentityCertName = "identity_cert_name";
41*cc02d7e2SAndroid Build Coastguard Worker constexpr const char* kIdentityCertPrivateKey = "identity_private_key";
42*cc02d7e2SAndroid Build Coastguard Worker constexpr const char* kIdentityCertContents = "identity_cert_contents";
43*cc02d7e2SAndroid Build Coastguard Worker
44*cc02d7e2SAndroid Build Coastguard Worker using ::grpc::experimental::CreateStaticCrlProvider;
45*cc02d7e2SAndroid Build Coastguard Worker using ::grpc::experimental::ExternalCertificateVerifier;
46*cc02d7e2SAndroid Build Coastguard Worker using ::grpc::experimental::FileWatcherCertificateProvider;
47*cc02d7e2SAndroid Build Coastguard Worker using ::grpc::experimental::NoOpCertificateVerifier;
48*cc02d7e2SAndroid Build Coastguard Worker using ::grpc::experimental::StaticDataCertificateProvider;
49*cc02d7e2SAndroid Build Coastguard Worker using ::grpc::experimental::TlsServerCredentials;
50*cc02d7e2SAndroid Build Coastguard Worker using ::grpc::experimental::TlsServerCredentialsOptions;
51*cc02d7e2SAndroid Build Coastguard Worker
52*cc02d7e2SAndroid Build Coastguard Worker } // namespace
53*cc02d7e2SAndroid Build Coastguard Worker
54*cc02d7e2SAndroid Build Coastguard Worker namespace grpc {
55*cc02d7e2SAndroid Build Coastguard Worker namespace testing {
56*cc02d7e2SAndroid Build Coastguard Worker namespace {
57*cc02d7e2SAndroid Build Coastguard Worker
TEST(CredentialsTest,TlsServerCredentialsWithStaticDataCertificateProviderLoadingRootAndIdentity)58*cc02d7e2SAndroid Build Coastguard Worker TEST(
59*cc02d7e2SAndroid Build Coastguard Worker CredentialsTest,
60*cc02d7e2SAndroid Build Coastguard Worker TlsServerCredentialsWithStaticDataCertificateProviderLoadingRootAndIdentity) {
61*cc02d7e2SAndroid Build Coastguard Worker experimental::IdentityKeyCertPair key_cert_pair;
62*cc02d7e2SAndroid Build Coastguard Worker key_cert_pair.private_key = kIdentityCertPrivateKey;
63*cc02d7e2SAndroid Build Coastguard Worker key_cert_pair.certificate_chain = kIdentityCertContents;
64*cc02d7e2SAndroid Build Coastguard Worker std::vector<experimental::IdentityKeyCertPair> identity_key_cert_pairs;
65*cc02d7e2SAndroid Build Coastguard Worker identity_key_cert_pairs.emplace_back(key_cert_pair);
66*cc02d7e2SAndroid Build Coastguard Worker auto certificate_provider = std::make_shared<StaticDataCertificateProvider>(
67*cc02d7e2SAndroid Build Coastguard Worker kRootCertContents, identity_key_cert_pairs);
68*cc02d7e2SAndroid Build Coastguard Worker grpc::experimental::TlsServerCredentialsOptions options(certificate_provider);
69*cc02d7e2SAndroid Build Coastguard Worker options.watch_root_certs();
70*cc02d7e2SAndroid Build Coastguard Worker options.set_root_cert_name(kRootCertName);
71*cc02d7e2SAndroid Build Coastguard Worker options.watch_identity_key_cert_pairs();
72*cc02d7e2SAndroid Build Coastguard Worker options.set_identity_cert_name(kIdentityCertName);
73*cc02d7e2SAndroid Build Coastguard Worker options.set_cert_request_type(
74*cc02d7e2SAndroid Build Coastguard Worker GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY);
75*cc02d7e2SAndroid Build Coastguard Worker auto server_credentials = grpc::experimental::TlsServerCredentials(options);
76*cc02d7e2SAndroid Build Coastguard Worker GPR_ASSERT(server_credentials.get() != nullptr);
77*cc02d7e2SAndroid Build Coastguard Worker }
78*cc02d7e2SAndroid Build Coastguard Worker
79*cc02d7e2SAndroid Build Coastguard Worker // ServerCredentials should always have identity credential presented.
80*cc02d7e2SAndroid Build Coastguard Worker // Otherwise gRPC stack will fail.
TEST(CredentialsTest,TlsServerCredentialsWithStaticDataCertificateProviderLoadingIdentityOnly)81*cc02d7e2SAndroid Build Coastguard Worker TEST(CredentialsTest,
82*cc02d7e2SAndroid Build Coastguard Worker TlsServerCredentialsWithStaticDataCertificateProviderLoadingIdentityOnly) {
83*cc02d7e2SAndroid Build Coastguard Worker experimental::IdentityKeyCertPair key_cert_pair;
84*cc02d7e2SAndroid Build Coastguard Worker key_cert_pair.private_key = kIdentityCertPrivateKey;
85*cc02d7e2SAndroid Build Coastguard Worker key_cert_pair.certificate_chain = kIdentityCertContents;
86*cc02d7e2SAndroid Build Coastguard Worker std::vector<experimental::IdentityKeyCertPair> identity_key_cert_pairs;
87*cc02d7e2SAndroid Build Coastguard Worker // Adding two key_cert_pair(s) should still work.
88*cc02d7e2SAndroid Build Coastguard Worker identity_key_cert_pairs.emplace_back(key_cert_pair);
89*cc02d7e2SAndroid Build Coastguard Worker identity_key_cert_pairs.emplace_back(key_cert_pair);
90*cc02d7e2SAndroid Build Coastguard Worker auto certificate_provider =
91*cc02d7e2SAndroid Build Coastguard Worker std::make_shared<StaticDataCertificateProvider>(identity_key_cert_pairs);
92*cc02d7e2SAndroid Build Coastguard Worker grpc::experimental::TlsServerCredentialsOptions options(certificate_provider);
93*cc02d7e2SAndroid Build Coastguard Worker options.watch_identity_key_cert_pairs();
94*cc02d7e2SAndroid Build Coastguard Worker options.set_identity_cert_name(kIdentityCertName);
95*cc02d7e2SAndroid Build Coastguard Worker options.set_cert_request_type(
96*cc02d7e2SAndroid Build Coastguard Worker GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY);
97*cc02d7e2SAndroid Build Coastguard Worker auto server_credentials = grpc::experimental::TlsServerCredentials(options);
98*cc02d7e2SAndroid Build Coastguard Worker GPR_ASSERT(server_credentials.get() != nullptr);
99*cc02d7e2SAndroid Build Coastguard Worker }
100*cc02d7e2SAndroid Build Coastguard Worker
TEST(CredentialsTest,TlsServerCredentialsWithFileWatcherCertificateProviderLoadingRootAndIdentity)101*cc02d7e2SAndroid Build Coastguard Worker TEST(
102*cc02d7e2SAndroid Build Coastguard Worker CredentialsTest,
103*cc02d7e2SAndroid Build Coastguard Worker TlsServerCredentialsWithFileWatcherCertificateProviderLoadingRootAndIdentity) {
104*cc02d7e2SAndroid Build Coastguard Worker auto certificate_provider = std::make_shared<FileWatcherCertificateProvider>(
105*cc02d7e2SAndroid Build Coastguard Worker SERVER_KEY_PATH, SERVER_CERT_PATH, CA_CERT_PATH, 1);
106*cc02d7e2SAndroid Build Coastguard Worker grpc::experimental::TlsServerCredentialsOptions options(certificate_provider);
107*cc02d7e2SAndroid Build Coastguard Worker options.watch_root_certs();
108*cc02d7e2SAndroid Build Coastguard Worker options.set_root_cert_name(kRootCertName);
109*cc02d7e2SAndroid Build Coastguard Worker options.watch_identity_key_cert_pairs();
110*cc02d7e2SAndroid Build Coastguard Worker options.set_identity_cert_name(kIdentityCertName);
111*cc02d7e2SAndroid Build Coastguard Worker options.set_cert_request_type(
112*cc02d7e2SAndroid Build Coastguard Worker GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY);
113*cc02d7e2SAndroid Build Coastguard Worker auto server_credentials = grpc::experimental::TlsServerCredentials(options);
114*cc02d7e2SAndroid Build Coastguard Worker GPR_ASSERT(server_credentials.get() != nullptr);
115*cc02d7e2SAndroid Build Coastguard Worker }
116*cc02d7e2SAndroid Build Coastguard Worker
TEST(CredentialsTest,TlsServerCredentialsWithCrlChecking)117*cc02d7e2SAndroid Build Coastguard Worker TEST(CredentialsTest, TlsServerCredentialsWithCrlChecking) {
118*cc02d7e2SAndroid Build Coastguard Worker auto certificate_provider = std::make_shared<FileWatcherCertificateProvider>(
119*cc02d7e2SAndroid Build Coastguard Worker SERVER_KEY_PATH, SERVER_CERT_PATH, CA_CERT_PATH, 1);
120*cc02d7e2SAndroid Build Coastguard Worker grpc::experimental::TlsServerCredentialsOptions options(certificate_provider);
121*cc02d7e2SAndroid Build Coastguard Worker options.watch_root_certs();
122*cc02d7e2SAndroid Build Coastguard Worker options.set_root_cert_name(kRootCertName);
123*cc02d7e2SAndroid Build Coastguard Worker options.watch_identity_key_cert_pairs();
124*cc02d7e2SAndroid Build Coastguard Worker options.set_identity_cert_name(kIdentityCertName);
125*cc02d7e2SAndroid Build Coastguard Worker options.set_cert_request_type(
126*cc02d7e2SAndroid Build Coastguard Worker GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY);
127*cc02d7e2SAndroid Build Coastguard Worker options.set_crl_directory(CRL_DIR_PATH);
128*cc02d7e2SAndroid Build Coastguard Worker auto server_credentials = grpc::experimental::TlsServerCredentials(options);
129*cc02d7e2SAndroid Build Coastguard Worker GPR_ASSERT(server_credentials.get() != nullptr);
130*cc02d7e2SAndroid Build Coastguard Worker }
131*cc02d7e2SAndroid Build Coastguard Worker
132*cc02d7e2SAndroid Build Coastguard Worker // ServerCredentials should always have identity credential presented.
133*cc02d7e2SAndroid Build Coastguard Worker // Otherwise gRPC stack will fail.
TEST(CredentialsTest,TlsServerCredentialsWithFileWatcherCertificateProviderLoadingIdentityOnly)134*cc02d7e2SAndroid Build Coastguard Worker TEST(
135*cc02d7e2SAndroid Build Coastguard Worker CredentialsTest,
136*cc02d7e2SAndroid Build Coastguard Worker TlsServerCredentialsWithFileWatcherCertificateProviderLoadingIdentityOnly) {
137*cc02d7e2SAndroid Build Coastguard Worker auto certificate_provider = std::make_shared<FileWatcherCertificateProvider>(
138*cc02d7e2SAndroid Build Coastguard Worker SERVER_KEY_PATH, SERVER_CERT_PATH, 1);
139*cc02d7e2SAndroid Build Coastguard Worker grpc::experimental::TlsServerCredentialsOptions options(certificate_provider);
140*cc02d7e2SAndroid Build Coastguard Worker options.watch_identity_key_cert_pairs();
141*cc02d7e2SAndroid Build Coastguard Worker options.set_identity_cert_name(kIdentityCertName);
142*cc02d7e2SAndroid Build Coastguard Worker options.set_cert_request_type(
143*cc02d7e2SAndroid Build Coastguard Worker GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY);
144*cc02d7e2SAndroid Build Coastguard Worker auto server_credentials = grpc::experimental::TlsServerCredentials(options);
145*cc02d7e2SAndroid Build Coastguard Worker GPR_ASSERT(server_credentials.get() != nullptr);
146*cc02d7e2SAndroid Build Coastguard Worker }
147*cc02d7e2SAndroid Build Coastguard Worker
TEST(CredentialsTest,TlsServerCredentialsWithSyncExternalVerifier)148*cc02d7e2SAndroid Build Coastguard Worker TEST(CredentialsTest, TlsServerCredentialsWithSyncExternalVerifier) {
149*cc02d7e2SAndroid Build Coastguard Worker auto verifier =
150*cc02d7e2SAndroid Build Coastguard Worker ExternalCertificateVerifier::Create<SyncCertificateVerifier>(true);
151*cc02d7e2SAndroid Build Coastguard Worker auto certificate_provider = std::make_shared<FileWatcherCertificateProvider>(
152*cc02d7e2SAndroid Build Coastguard Worker SERVER_KEY_PATH, SERVER_CERT_PATH, CA_CERT_PATH, 1);
153*cc02d7e2SAndroid Build Coastguard Worker grpc::experimental::TlsServerCredentialsOptions options(certificate_provider);
154*cc02d7e2SAndroid Build Coastguard Worker options.watch_root_certs();
155*cc02d7e2SAndroid Build Coastguard Worker options.set_root_cert_name(kRootCertName);
156*cc02d7e2SAndroid Build Coastguard Worker options.watch_identity_key_cert_pairs();
157*cc02d7e2SAndroid Build Coastguard Worker options.set_identity_cert_name(kIdentityCertName);
158*cc02d7e2SAndroid Build Coastguard Worker options.set_cert_request_type(
159*cc02d7e2SAndroid Build Coastguard Worker GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY);
160*cc02d7e2SAndroid Build Coastguard Worker options.set_certificate_verifier(verifier);
161*cc02d7e2SAndroid Build Coastguard Worker auto server_credentials = grpc::experimental::TlsServerCredentials(options);
162*cc02d7e2SAndroid Build Coastguard Worker GPR_ASSERT(server_credentials.get() != nullptr);
163*cc02d7e2SAndroid Build Coastguard Worker }
164*cc02d7e2SAndroid Build Coastguard Worker
TEST(CredentialsTest,TlsServerCredentialsWithAsyncExternalVerifier)165*cc02d7e2SAndroid Build Coastguard Worker TEST(CredentialsTest, TlsServerCredentialsWithAsyncExternalVerifier) {
166*cc02d7e2SAndroid Build Coastguard Worker auto verifier =
167*cc02d7e2SAndroid Build Coastguard Worker ExternalCertificateVerifier::Create<AsyncCertificateVerifier>(true);
168*cc02d7e2SAndroid Build Coastguard Worker auto certificate_provider = std::make_shared<FileWatcherCertificateProvider>(
169*cc02d7e2SAndroid Build Coastguard Worker SERVER_KEY_PATH, SERVER_CERT_PATH, CA_CERT_PATH, 1);
170*cc02d7e2SAndroid Build Coastguard Worker grpc::experimental::TlsServerCredentialsOptions options(certificate_provider);
171*cc02d7e2SAndroid Build Coastguard Worker options.watch_root_certs();
172*cc02d7e2SAndroid Build Coastguard Worker options.set_root_cert_name(kRootCertName);
173*cc02d7e2SAndroid Build Coastguard Worker options.watch_identity_key_cert_pairs();
174*cc02d7e2SAndroid Build Coastguard Worker options.set_identity_cert_name(kIdentityCertName);
175*cc02d7e2SAndroid Build Coastguard Worker options.set_cert_request_type(
176*cc02d7e2SAndroid Build Coastguard Worker GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY);
177*cc02d7e2SAndroid Build Coastguard Worker options.set_certificate_verifier(verifier);
178*cc02d7e2SAndroid Build Coastguard Worker auto server_credentials = grpc::experimental::TlsServerCredentials(options);
179*cc02d7e2SAndroid Build Coastguard Worker GPR_ASSERT(server_credentials.get() != nullptr);
180*cc02d7e2SAndroid Build Coastguard Worker }
181*cc02d7e2SAndroid Build Coastguard Worker
TEST(CredentialsTest,TlsServerCredentialsWithCrlProvider)182*cc02d7e2SAndroid Build Coastguard Worker TEST(CredentialsTest, TlsServerCredentialsWithCrlProvider) {
183*cc02d7e2SAndroid Build Coastguard Worker auto provider = experimental::CreateStaticCrlProvider({});
184*cc02d7e2SAndroid Build Coastguard Worker ASSERT_TRUE(provider.ok());
185*cc02d7e2SAndroid Build Coastguard Worker auto certificate_provider = std::make_shared<FileWatcherCertificateProvider>(
186*cc02d7e2SAndroid Build Coastguard Worker SERVER_KEY_PATH, SERVER_CERT_PATH, CA_CERT_PATH, 1);
187*cc02d7e2SAndroid Build Coastguard Worker grpc::experimental::TlsServerCredentialsOptions options(certificate_provider);
188*cc02d7e2SAndroid Build Coastguard Worker options.set_crl_provider(*provider);
189*cc02d7e2SAndroid Build Coastguard Worker auto channel_credentials = grpc::experimental::TlsServerCredentials(options);
190*cc02d7e2SAndroid Build Coastguard Worker GPR_ASSERT(channel_credentials.get() != nullptr);
191*cc02d7e2SAndroid Build Coastguard Worker }
192*cc02d7e2SAndroid Build Coastguard Worker
TEST(CredentialsTest,TlsServerCredentialsWithCrlProviderAndDirectory)193*cc02d7e2SAndroid Build Coastguard Worker TEST(CredentialsTest, TlsServerCredentialsWithCrlProviderAndDirectory) {
194*cc02d7e2SAndroid Build Coastguard Worker auto provider = experimental::CreateStaticCrlProvider({});
195*cc02d7e2SAndroid Build Coastguard Worker ASSERT_TRUE(provider.ok());
196*cc02d7e2SAndroid Build Coastguard Worker auto certificate_provider = std::make_shared<FileWatcherCertificateProvider>(
197*cc02d7e2SAndroid Build Coastguard Worker SERVER_KEY_PATH, SERVER_CERT_PATH, CA_CERT_PATH, 1);
198*cc02d7e2SAndroid Build Coastguard Worker grpc::experimental::TlsServerCredentialsOptions options(certificate_provider);
199*cc02d7e2SAndroid Build Coastguard Worker options.set_crl_directory(CRL_DIR_PATH);
200*cc02d7e2SAndroid Build Coastguard Worker options.set_crl_provider(*provider);
201*cc02d7e2SAndroid Build Coastguard Worker auto server_credentials = grpc::experimental::TlsServerCredentials(options);
202*cc02d7e2SAndroid Build Coastguard Worker // TODO(gtcooke94) - behavior might change to make this return nullptr in
203*cc02d7e2SAndroid Build Coastguard Worker // the future
204*cc02d7e2SAndroid Build Coastguard Worker GPR_ASSERT(server_credentials != nullptr);
205*cc02d7e2SAndroid Build Coastguard Worker }
206*cc02d7e2SAndroid Build Coastguard Worker
TEST(CredentialsTest,TlsCredentialsOptionsDoesNotLeak)207*cc02d7e2SAndroid Build Coastguard Worker TEST(CredentialsTest, TlsCredentialsOptionsDoesNotLeak) {
208*cc02d7e2SAndroid Build Coastguard Worker auto provider = std::make_shared<StaticDataCertificateProvider>("root-pem");
209*cc02d7e2SAndroid Build Coastguard Worker TlsServerCredentialsOptions options(provider);
210*cc02d7e2SAndroid Build Coastguard Worker (void)options;
211*cc02d7e2SAndroid Build Coastguard Worker }
212*cc02d7e2SAndroid Build Coastguard Worker
TEST(CredentialsTest,MultipleOptionsOneCertificateProviderDoesNotLeak)213*cc02d7e2SAndroid Build Coastguard Worker TEST(CredentialsTest, MultipleOptionsOneCertificateProviderDoesNotLeak) {
214*cc02d7e2SAndroid Build Coastguard Worker auto provider = std::make_shared<StaticDataCertificateProvider>("root-pem");
215*cc02d7e2SAndroid Build Coastguard Worker TlsServerCredentialsOptions options_1(provider);
216*cc02d7e2SAndroid Build Coastguard Worker (void)options_1;
217*cc02d7e2SAndroid Build Coastguard Worker TlsServerCredentialsOptions options_2(provider);
218*cc02d7e2SAndroid Build Coastguard Worker (void)options_2;
219*cc02d7e2SAndroid Build Coastguard Worker }
220*cc02d7e2SAndroid Build Coastguard Worker
TEST(CredentialsTest,MultipleOptionsOneCertificateVerifierDoesNotLeak)221*cc02d7e2SAndroid Build Coastguard Worker TEST(CredentialsTest, MultipleOptionsOneCertificateVerifierDoesNotLeak) {
222*cc02d7e2SAndroid Build Coastguard Worker auto provider = std::make_shared<StaticDataCertificateProvider>("root-pem");
223*cc02d7e2SAndroid Build Coastguard Worker auto verifier = std::make_shared<NoOpCertificateVerifier>();
224*cc02d7e2SAndroid Build Coastguard Worker TlsServerCredentialsOptions options_1(provider);
225*cc02d7e2SAndroid Build Coastguard Worker options_1.set_certificate_verifier(verifier);
226*cc02d7e2SAndroid Build Coastguard Worker TlsServerCredentialsOptions options_2(provider);
227*cc02d7e2SAndroid Build Coastguard Worker options_2.set_certificate_verifier(verifier);
228*cc02d7e2SAndroid Build Coastguard Worker }
229*cc02d7e2SAndroid Build Coastguard Worker
TEST(CredentialsTest,MultipleOptionsOneCrlProviderDoesNotLeak)230*cc02d7e2SAndroid Build Coastguard Worker TEST(CredentialsTest, MultipleOptionsOneCrlProviderDoesNotLeak) {
231*cc02d7e2SAndroid Build Coastguard Worker auto provider = std::make_shared<StaticDataCertificateProvider>("root-pem");
232*cc02d7e2SAndroid Build Coastguard Worker auto crl_provider = CreateStaticCrlProvider(/*crls=*/{});
233*cc02d7e2SAndroid Build Coastguard Worker EXPECT_TRUE(crl_provider.ok());
234*cc02d7e2SAndroid Build Coastguard Worker TlsServerCredentialsOptions options_1(provider);
235*cc02d7e2SAndroid Build Coastguard Worker options_1.set_crl_provider(*crl_provider);
236*cc02d7e2SAndroid Build Coastguard Worker TlsServerCredentialsOptions options_2(provider);
237*cc02d7e2SAndroid Build Coastguard Worker options_2.set_crl_provider(*crl_provider);
238*cc02d7e2SAndroid Build Coastguard Worker }
239*cc02d7e2SAndroid Build Coastguard Worker
TEST(CredentialsTest,TlsServerCredentialsDoesNotLeak)240*cc02d7e2SAndroid Build Coastguard Worker TEST(CredentialsTest, TlsServerCredentialsDoesNotLeak) {
241*cc02d7e2SAndroid Build Coastguard Worker auto provider = std::make_shared<StaticDataCertificateProvider>("root-pem");
242*cc02d7e2SAndroid Build Coastguard Worker TlsServerCredentialsOptions options(provider);
243*cc02d7e2SAndroid Build Coastguard Worker auto server_creds = TlsServerCredentials(options);
244*cc02d7e2SAndroid Build Coastguard Worker EXPECT_NE(server_creds, nullptr);
245*cc02d7e2SAndroid Build Coastguard Worker }
246*cc02d7e2SAndroid Build Coastguard Worker
TEST(CredentialsTest,MultipleServerCredentialsOneOptionsDoesNotLeak)247*cc02d7e2SAndroid Build Coastguard Worker TEST(CredentialsTest, MultipleServerCredentialsOneOptionsDoesNotLeak) {
248*cc02d7e2SAndroid Build Coastguard Worker auto provider = std::make_shared<StaticDataCertificateProvider>("root-pem");
249*cc02d7e2SAndroid Build Coastguard Worker TlsServerCredentialsOptions options(provider);
250*cc02d7e2SAndroid Build Coastguard Worker auto server_creds_1 = TlsServerCredentials(options);
251*cc02d7e2SAndroid Build Coastguard Worker EXPECT_NE(server_creds_1, nullptr);
252*cc02d7e2SAndroid Build Coastguard Worker auto server_creds_2 = TlsServerCredentials(options);
253*cc02d7e2SAndroid Build Coastguard Worker EXPECT_NE(server_creds_2, nullptr);
254*cc02d7e2SAndroid Build Coastguard Worker }
255*cc02d7e2SAndroid Build Coastguard Worker
TEST(CredentialsTest,MultipleServerCredentialsOneCertificateVerifierDoesNotLeak)256*cc02d7e2SAndroid Build Coastguard Worker TEST(CredentialsTest,
257*cc02d7e2SAndroid Build Coastguard Worker MultipleServerCredentialsOneCertificateVerifierDoesNotLeak) {
258*cc02d7e2SAndroid Build Coastguard Worker auto provider = std::make_shared<StaticDataCertificateProvider>("root-pem");
259*cc02d7e2SAndroid Build Coastguard Worker TlsServerCredentialsOptions options(provider);
260*cc02d7e2SAndroid Build Coastguard Worker auto verifier = std::make_shared<NoOpCertificateVerifier>();
261*cc02d7e2SAndroid Build Coastguard Worker options.set_certificate_verifier(verifier);
262*cc02d7e2SAndroid Build Coastguard Worker auto server_creds_1 = TlsServerCredentials(options);
263*cc02d7e2SAndroid Build Coastguard Worker EXPECT_NE(server_creds_1, nullptr);
264*cc02d7e2SAndroid Build Coastguard Worker auto server_creds_2 = TlsServerCredentials(options);
265*cc02d7e2SAndroid Build Coastguard Worker EXPECT_NE(server_creds_2, nullptr);
266*cc02d7e2SAndroid Build Coastguard Worker }
267*cc02d7e2SAndroid Build Coastguard Worker
TEST(CredentialsTest,MultipleServerCredentialsOneCrlProviderDoesNotLeak)268*cc02d7e2SAndroid Build Coastguard Worker TEST(CredentialsTest, MultipleServerCredentialsOneCrlProviderDoesNotLeak) {
269*cc02d7e2SAndroid Build Coastguard Worker auto provider = std::make_shared<StaticDataCertificateProvider>("root-pem");
270*cc02d7e2SAndroid Build Coastguard Worker TlsServerCredentialsOptions options(provider);
271*cc02d7e2SAndroid Build Coastguard Worker auto crl_provider = CreateStaticCrlProvider(/*crls=*/{});
272*cc02d7e2SAndroid Build Coastguard Worker EXPECT_TRUE(crl_provider.ok());
273*cc02d7e2SAndroid Build Coastguard Worker options.set_crl_provider(*crl_provider);
274*cc02d7e2SAndroid Build Coastguard Worker auto server_creds_1 = TlsServerCredentials(options);
275*cc02d7e2SAndroid Build Coastguard Worker EXPECT_NE(server_creds_1, nullptr);
276*cc02d7e2SAndroid Build Coastguard Worker auto server_creds_2 = TlsServerCredentials(options);
277*cc02d7e2SAndroid Build Coastguard Worker EXPECT_NE(server_creds_2, nullptr);
278*cc02d7e2SAndroid Build Coastguard Worker }
279*cc02d7e2SAndroid Build Coastguard Worker
TEST(CredentialsTest,TlsServerCredentialsWithGoodMinMaxTlsVersions)280*cc02d7e2SAndroid Build Coastguard Worker TEST(CredentialsTest, TlsServerCredentialsWithGoodMinMaxTlsVersions) {
281*cc02d7e2SAndroid Build Coastguard Worker grpc::experimental::TlsServerCredentialsOptions options(
282*cc02d7e2SAndroid Build Coastguard Worker /*certificate_provider=*/nullptr);
283*cc02d7e2SAndroid Build Coastguard Worker options.set_min_tls_version(grpc_tls_version::TLS1_2);
284*cc02d7e2SAndroid Build Coastguard Worker options.set_max_tls_version(grpc_tls_version::TLS1_3);
285*cc02d7e2SAndroid Build Coastguard Worker auto server_credentials = grpc::experimental::TlsServerCredentials(options);
286*cc02d7e2SAndroid Build Coastguard Worker EXPECT_NE(server_credentials, nullptr);
287*cc02d7e2SAndroid Build Coastguard Worker }
288*cc02d7e2SAndroid Build Coastguard Worker
TEST(CredentialsTest,TlsServerCredentialsWithBadMinMaxTlsVersions)289*cc02d7e2SAndroid Build Coastguard Worker TEST(CredentialsTest, TlsServerCredentialsWithBadMinMaxTlsVersions) {
290*cc02d7e2SAndroid Build Coastguard Worker grpc::experimental::TlsServerCredentialsOptions options(
291*cc02d7e2SAndroid Build Coastguard Worker /*certificate_provider=*/nullptr);
292*cc02d7e2SAndroid Build Coastguard Worker options.set_min_tls_version(grpc_tls_version::TLS1_3);
293*cc02d7e2SAndroid Build Coastguard Worker options.set_max_tls_version(grpc_tls_version::TLS1_2);
294*cc02d7e2SAndroid Build Coastguard Worker auto server_credentials = grpc::experimental::TlsServerCredentials(options);
295*cc02d7e2SAndroid Build Coastguard Worker EXPECT_EQ(server_credentials, nullptr);
296*cc02d7e2SAndroid Build Coastguard Worker }
297*cc02d7e2SAndroid Build Coastguard Worker
298*cc02d7e2SAndroid Build Coastguard Worker } // namespace
299*cc02d7e2SAndroid Build Coastguard Worker } // namespace testing
300*cc02d7e2SAndroid Build Coastguard Worker } // namespace grpc
301*cc02d7e2SAndroid Build Coastguard Worker
main(int argc,char ** argv)302*cc02d7e2SAndroid Build Coastguard Worker int main(int argc, char** argv) {
303*cc02d7e2SAndroid Build Coastguard Worker ::testing::InitGoogleTest(&argc, argv);
304*cc02d7e2SAndroid Build Coastguard Worker grpc::testing::TestEnvironment env(&argc, argv);
305*cc02d7e2SAndroid Build Coastguard Worker int ret = RUN_ALL_TESTS();
306*cc02d7e2SAndroid Build Coastguard Worker return ret;
307*cc02d7e2SAndroid Build Coastguard Worker }
308