use of io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext in project grpc-java by grpc.
the class ClientSslContextProviderFactoryTest method bothPresent_expectCertProviderClientSslContextProvider.
/**
 * Checks which provider the client factory returns when the {@code UpstreamTlsContext} carries
 * both certificate-provider instance references and file names.
 *
 * <p>The context is built with cert-provider instances first ("gcp_id" in both instance
 * positions), then {@code addFilenames} layers "foo.pem", "foo.key" and "root.pem" on top.
 * The factory must return a {@link CertProviderClientSslContextProvider}.
 *
 * <p>Only the provider type and the captured watcher are asserted. This test does not show
 * which source ends up supplying the identity certificate or the trust root.
 *
 * @throws XdsInitializationException declared by the test signature
 */
@Test
public void bothPresent_expectCertProviderClientSslContextProvider() throws XdsInitializationException {
    // Single-slot array that createAndRegisterProviderProvider fills with the watcher at index 0.
    final CertificateProvider.DistributorWatcher[] watchers =
        new CertificateProvider.DistributorWatcher[1];
    createAndRegisterProviderProvider(certificateProviderRegistry, watchers, "testca", 0);

    UpstreamTlsContext certProviderOnly =
        CommonTlsContextTestsUtil.buildUpstreamTlsContextForCertProviderInstance(
            "gcp_id",
            "cert-default",
            "gcp_id",
            "root-default",
            /* alpnProtocols= */ null,
            /* staticCertValidationContext= */ null);

    // addFilenames is defined outside this snippet; presumably it sets the file-based
    // cert/key/root fields on the builder — confirm against the helper.
    CommonTlsContext.Builder withFilenames =
        addFilenames(
            certProviderOnly.getCommonTlsContext().toBuilder(), "foo.pem", "foo.key", "root.pem");
    UpstreamTlsContext bothPresent = new UpstreamTlsContext(withFilenames.build());

    clientSslContextProviderFactory =
        new ClientSslContextProviderFactory(
            CommonBootstrapperTestUtils.getTestBootstrapInfo(),
            certProviderClientSslContextProviderFactory);
    SslContextProvider created = clientSslContextProviderFactory.create(bothPresent);

    assertThat(created).isInstanceOf(CertProviderClientSslContextProvider.class);
    verifyWatcher(created, watchers[0]);
}
use of io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext in project grpc-java by grpc.
the class ClientSslContextProviderFactoryTest method createCertProviderClientSslContextProvider_2providers.
/**
 * Checks that the client factory builds a {@link CertProviderClientSslContextProvider} when the
 * identity certificate and the root reference two different provider instances.
 *
 * <p>Two providers are registered ("testca" at slot 0, "file_watcher" at slot 1). The context
 * names instance "gcp_id" in the first position and "file_provider" in the third, and both
 * captured watchers are then verified against the returned provider.
 *
 * @throws XdsInitializationException declared by the test signature
 */
@Test
public void createCertProviderClientSslContextProvider_2providers() throws XdsInitializationException {
    // One slot per registered provider; each registration call fills its own index.
    final CertificateProvider.DistributorWatcher[] watchers =
        new CertificateProvider.DistributorWatcher[2];
    createAndRegisterProviderProvider(certificateProviderRegistry, watchers, "testca", 0);
    createAndRegisterProviderProvider(certificateProviderRegistry, watchers, "file_watcher", 1);

    UpstreamTlsContext twoInstanceContext =
        CommonTlsContextTestsUtil.buildUpstreamTlsContextForCertProviderInstance(
            "gcp_id",
            "cert-default",
            "file_provider",
            "root-default",
            /* alpnProtocols= */ null,
            /* staticCertValidationContext= */ null);

    clientSslContextProviderFactory =
        new ClientSslContextProviderFactory(
            CommonBootstrapperTestUtils.getTestBootstrapInfo(),
            certProviderClientSslContextProviderFactory);
    SslContextProvider created = clientSslContextProviderFactory.create(twoInstanceContext);

    assertThat(created).isInstanceOf(CertProviderClientSslContextProvider.class);
    // Both watchers must be verified against the provider, in slot order.
    verifyWatcher(created, watchers[0]);
    verifyWatcher(created, watchers[1]);
}
use of io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext in project grpc-java by grpc.
the class ClientSslContextProviderFactoryTest method createNullCommonTlsContext_exception.
/**
 * Checks that the factory rejects an {@code UpstreamTlsContext} that has no
 * {@code CommonTlsContext}, instead of producing a provider from an empty TLS configuration.
 *
 * <p>The factory is constructed with a {@code null} bootstrap info and the context wraps
 * {@code null}. {@code create} must throw a {@link NullPointerException} whose message is
 * exactly "upstreamTlsContext should have CommonTlsContext".
 *
 * @throws IOException declared by the test signature
 */
@Test
public void createNullCommonTlsContext_exception() throws IOException {
    clientSslContextProviderFactory =
        new ClientSslContextProviderFactory(null, certProviderClientSslContextProviderFactory);
    UpstreamTlsContext contextWithoutCommonTls = new UpstreamTlsContext(null);

    NullPointerException thrown = null;
    try {
        clientSslContextProviderFactory.create(contextWithoutCommonTls);
    } catch (NullPointerException expected) {
        thrown = expected;
    }

    // Reaching this point without an exception means create() accepted the bad input.
    if (thrown == null) {
        Assert.fail("no exception thrown");
    }
    assertThat(thrown).hasMessageThat().isEqualTo("upstreamTlsContext should have CommonTlsContext");
}
use of io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext in project grpc-java by grpc.
the class ClientSslContextProviderFactoryTest method createCertProviderClientSslContextProvider_withStaticContext.
/**
 * Checks that the client factory returns a {@link CertProviderClientSslContextProvider} when
 * the context has no identity-certificate instance and carries a static
 * {@code CertificateValidationContext} alongside the root provider instance "gcp_id".
 *
 * <p>The static validation context holds two exact subject-alt-name matchers, "foo" and "bar".
 *
 * <p>NOTE(review): the assertions cover only the provider type and the captured watcher.
 * Nothing visible here checks that the SAN matchers are carried into the resulting provider,
 * unless {@code verifyWatcher} (defined outside this snippet) does so — confirm.
 *
 * @throws XdsInitializationException declared by the test signature
 */
@Test
public void createCertProviderClientSslContextProvider_withStaticContext() throws XdsInitializationException {
    final CertificateProvider.DistributorWatcher[] watchers =
        new CertificateProvider.DistributorWatcher[1];
    createAndRegisterProviderProvider(certificateProviderRegistry, watchers, "testca", 0);

    // Exact-match SAN constraints for the peer certificate.
    StringMatcher sanFoo = StringMatcher.newBuilder().setExact("foo").build();
    StringMatcher sanBar = StringMatcher.newBuilder().setExact("bar").build();
    CertificateValidationContext staticCertValidationContext =
        CertificateValidationContext.newBuilder()
            .addAllMatchSubjectAltNames(ImmutableSet.of(sanFoo, sanBar))
            .build();

    UpstreamTlsContext rootOnlyContext =
        CommonTlsContextTestsUtil.buildUpstreamTlsContextForCertProviderInstance(
            /* certInstanceName= */ null,
            /* certName= */ null,
            "gcp_id",
            "root-default",
            /* alpnProtocols= */ null,
            staticCertValidationContext);

    clientSslContextProviderFactory =
        new ClientSslContextProviderFactory(
            CommonBootstrapperTestUtils.getTestBootstrapInfo(),
            certProviderClientSslContextProviderFactory);
    SslContextProvider created = clientSslContextProviderFactory.create(rootOnlyContext);

    assertThat(created).isInstanceOf(CertProviderClientSslContextProvider.class);
    verifyWatcher(created, watchers[0]);
}
use of io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext in project grpc-java by grpc.
the class SdsProtocolNegotiatorsTest method clientSdsProtocolNegotiatorNewHandler_fireProtocolNegotiationEvent.
/**
 * Drives a {@code ClientSdsHandler} through protocol negotiation and checks that it obtains an
 * {@code SslContext}, removes itself from the pipeline, and leaves the channel open after a
 * successful handshake event.
 *
 * <p>Sequence: register cert providers on a {@code FakeClock}, build bootstrap info and an
 * {@code UpstreamTlsContext} for instance "google_cloud_private_spiffe-client", add the
 * handler, fire the default protocol-negotiation event, then request the SSL context through
 * a callback that stores either the context or the failure in a future.
 *
 * @throws InterruptedException if waiting on the future is interrupted
 * @throws TimeoutException if the future is not completed within 5 seconds
 * @throws ExecutionException declared by {@code Future.get}
 */
@Test
public void clientSdsProtocolNegotiatorNewHandler_fireProtocolNegotiationEvent() throws InterruptedException, TimeoutException, ExecutionException {
    FakeClock fakeClock = new FakeClock();
    CommonCertProviderTestUtils.register(fakeClock);

    Bootstrapper.BootstrapInfo clientBootstrap =
        CommonBootstrapperTestUtils.buildBootstrapInfo(
            "google_cloud_private_spiffe-client",
            CLIENT_KEY_FILE,
            CLIENT_PEM_FILE,
            CA_PEM_FILE,
            null,
            null,
            null,
            null);
    UpstreamTlsContext tlsContext =
        CommonTlsContextTestsUtil.buildUpstreamTlsContext("google_cloud_private_spiffe-client", true);
    SslContextProviderSupplier supplier =
        new SslContextProviderSupplier(tlsContext, new TlsContextManagerImpl(clientBootstrap));

    SdsProtocolNegotiators.ClientSdsHandler sdsHandler =
        new SdsProtocolNegotiators.ClientSdsHandler(grpcHandler, supplier);
    pipeline.addLast(sdsHandler);
    channelHandlerCtx = pipeline.context(sdsHandler);
    // The handler was just added, so its context must exist.
    assertNotNull(channelHandlerCtx);

    // Start protocol negotiation.
    pipeline.fireUserEventTriggered(InternalProtocolNegotiationEvent.getDefault());

    // The future receives either the SslContext or the Throwable, so a failure shows up as a
    // wrong type in the assertion below rather than as a timeout.
    final SettableFuture<Object> contextOrFailure = SettableFuture.create();
    SslContextProvider.Callback captureResult =
        new SslContextProvider.Callback(MoreExecutors.directExecutor()) {
            @Override
            public void updateSecret(SslContext sslContext) {
                contextOrFailure.set(sslContext);
            }

            @Override
            protected void onException(Throwable throwable) {
                contextOrFailure.set(throwable);
            }
        };
    supplier.updateSslContext(captureResult);

    fakeClock.runDueTasks();
    // Needed so that queued tasks execute on the event loop.
    channel.runPendingTasks();

    Object delivered = contextOrFailure.get(5, TimeUnit.SECONDS);
    assertThat(delivered).isInstanceOf(SslContext.class);

    channel.runPendingTasks();
    // Once the context is delivered the handler is expected to be gone from the pipeline.
    channelHandlerCtx = pipeline.context(sdsHandler);
    assertThat(channelHandlerCtx).isNull();

    pipeline.fireUserEventTriggered(SslHandshakeCompletionEvent.SUCCESS);
    // Needed so that queued tasks execute on the event loop.
    channel.runPendingTasks();
    assertTrue(channel.isOpen());

    // NOTE(review): this call is skipped when any assertion above fails. If register0()
    // restores shared registry state, a try/finally would keep a failure here from leaking
    // the FakeClock-backed registration into later tests — confirm what register0() does.
    CommonCertProviderTestUtils.register0();
}