Example 6 with UpstreamTlsContext

use of io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext in project grpc-java by grpc.

the class ClientSslContextProviderFactoryTest method bothPresent_expectCertProviderClientSslContextProvider.

@Test
public void bothPresent_expectCertProviderClientSslContextProvider() throws XdsInitializationException {
    final CertificateProvider.DistributorWatcher[] watcherCaptor = new CertificateProvider.DistributorWatcher[1];
    createAndRegisterProviderProvider(certificateProviderRegistry, watcherCaptor, "testca", 0);
    UpstreamTlsContext upstreamTlsContext = CommonTlsContextTestsUtil.buildUpstreamTlsContextForCertProviderInstance(
        "gcp_id", "cert-default", "gcp_id", "root-default",
        /* alpnProtocols= */ null,
        /* staticCertValidationContext= */ null);
    CommonTlsContext.Builder builder = upstreamTlsContext.getCommonTlsContext().toBuilder();
    builder = addFilenames(builder, "foo.pem", "foo.key", "root.pem");
    upstreamTlsContext = new UpstreamTlsContext(builder.build());
    Bootstrapper.BootstrapInfo bootstrapInfo = CommonBootstrapperTestUtils.getTestBootstrapInfo();
    clientSslContextProviderFactory = new ClientSslContextProviderFactory(bootstrapInfo, certProviderClientSslContextProviderFactory);
    SslContextProvider sslContextProvider = clientSslContextProviderFactory.create(upstreamTlsContext);
    assertThat(sslContextProvider).isInstanceOf(CertProviderClientSslContextProvider.class);
    verifyWatcher(sslContextProvider, watcherCaptor[0]);
}
Also used : Bootstrapper(io.grpc.xds.Bootstrapper) UpstreamTlsContext(io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext) CertProviderClientSslContextProvider(io.grpc.xds.internal.certprovider.CertProviderClientSslContextProvider) CommonTlsContext(io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext) Test(org.junit.Test)

Example 7 with UpstreamTlsContext

use of io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext in project grpc-java by grpc.

the class ClientSslContextProviderFactoryTest method createCertProviderClientSslContextProvider_2providers.

@Test
public void createCertProviderClientSslContextProvider_2providers() throws XdsInitializationException {
    final CertificateProvider.DistributorWatcher[] watcherCaptor = new CertificateProvider.DistributorWatcher[2];
    createAndRegisterProviderProvider(certificateProviderRegistry, watcherCaptor, "testca", 0);
    createAndRegisterProviderProvider(certificateProviderRegistry, watcherCaptor, "file_watcher", 1);
    UpstreamTlsContext upstreamTlsContext = CommonTlsContextTestsUtil.buildUpstreamTlsContextForCertProviderInstance(
        "gcp_id", "cert-default", "file_provider", "root-default",
        /* alpnProtocols= */ null,
        /* staticCertValidationContext= */ null);
    Bootstrapper.BootstrapInfo bootstrapInfo = CommonBootstrapperTestUtils.getTestBootstrapInfo();
    clientSslContextProviderFactory = new ClientSslContextProviderFactory(bootstrapInfo, certProviderClientSslContextProviderFactory);
    SslContextProvider sslContextProvider = clientSslContextProviderFactory.create(upstreamTlsContext);
    assertThat(sslContextProvider).isInstanceOf(CertProviderClientSslContextProvider.class);
    verifyWatcher(sslContextProvider, watcherCaptor[0]);
    verifyWatcher(sslContextProvider, watcherCaptor[1]);
}
Also used : Bootstrapper(io.grpc.xds.Bootstrapper) UpstreamTlsContext(io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext) CertProviderClientSslContextProvider(io.grpc.xds.internal.certprovider.CertProviderClientSslContextProvider) Test(org.junit.Test)

Example 8 with UpstreamTlsContext

use of io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext in project grpc-java by grpc.

the class ClientSslContextProviderFactoryTest method createNullCommonTlsContext_exception.

@Test
public void createNullCommonTlsContext_exception() throws IOException {
    clientSslContextProviderFactory = new ClientSslContextProviderFactory(null, certProviderClientSslContextProviderFactory);
    UpstreamTlsContext upstreamTlsContext = new UpstreamTlsContext(null);
    try {
        clientSslContextProviderFactory.create(upstreamTlsContext);
        Assert.fail("no exception thrown");
    } catch (NullPointerException expected) {
        assertThat(expected).hasMessageThat().isEqualTo("upstreamTlsContext should have CommonTlsContext");
    }
}
Also used : UpstreamTlsContext(io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext) Test(org.junit.Test)

Example 9 with UpstreamTlsContext

use of io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext in project grpc-java by grpc.

the class ClientSslContextProviderFactoryTest method createCertProviderClientSslContextProvider_withStaticContext.

@Test
public void createCertProviderClientSslContextProvider_withStaticContext() throws XdsInitializationException {
    final CertificateProvider.DistributorWatcher[] watcherCaptor = new CertificateProvider.DistributorWatcher[1];
    createAndRegisterProviderProvider(certificateProviderRegistry, watcherCaptor, "testca", 0);
    CertificateValidationContext staticCertValidationContext = CertificateValidationContext.newBuilder().addAllMatchSubjectAltNames(ImmutableSet.of(StringMatcher.newBuilder().setExact("foo").build(), StringMatcher.newBuilder().setExact("bar").build())).build();
    UpstreamTlsContext upstreamTlsContext = CommonTlsContextTestsUtil.buildUpstreamTlsContextForCertProviderInstance(
        /* certInstanceName= */ null,
        /* certName= */ null,
        "gcp_id", "root-default",
        /* alpnProtocols= */ null,
        staticCertValidationContext);
    Bootstrapper.BootstrapInfo bootstrapInfo = CommonBootstrapperTestUtils.getTestBootstrapInfo();
    clientSslContextProviderFactory = new ClientSslContextProviderFactory(bootstrapInfo, certProviderClientSslContextProviderFactory);
    SslContextProvider sslContextProvider = clientSslContextProviderFactory.create(upstreamTlsContext);
    assertThat(sslContextProvider).isInstanceOf(CertProviderClientSslContextProvider.class);
    verifyWatcher(sslContextProvider, watcherCaptor[0]);
}
Also used : Bootstrapper(io.grpc.xds.Bootstrapper) UpstreamTlsContext(io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext) CertProviderClientSslContextProvider(io.grpc.xds.internal.certprovider.CertProviderClientSslContextProvider) CertificateValidationContext(io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext) Test(org.junit.Test)

Example 10 with UpstreamTlsContext

use of io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext in project grpc-java by grpc.

the class SdsProtocolNegotiatorsTest method clientSdsProtocolNegotiatorNewHandler_fireProtocolNegotiationEvent.

@Test
public void clientSdsProtocolNegotiatorNewHandler_fireProtocolNegotiationEvent() throws InterruptedException, TimeoutException, ExecutionException {
    FakeClock executor = new FakeClock();
    CommonCertProviderTestUtils.register(executor);
    Bootstrapper.BootstrapInfo bootstrapInfoForClient = CommonBootstrapperTestUtils.buildBootstrapInfo("google_cloud_private_spiffe-client", CLIENT_KEY_FILE, CLIENT_PEM_FILE, CA_PEM_FILE, null, null, null, null);
    UpstreamTlsContext upstreamTlsContext = CommonTlsContextTestsUtil.buildUpstreamTlsContext("google_cloud_private_spiffe-client", true);
    SslContextProviderSupplier sslContextProviderSupplier = new SslContextProviderSupplier(upstreamTlsContext, new TlsContextManagerImpl(bootstrapInfoForClient));
    SdsProtocolNegotiators.ClientSdsHandler clientSdsHandler = new SdsProtocolNegotiators.ClientSdsHandler(grpcHandler, sslContextProviderSupplier);
    pipeline.addLast(clientSdsHandler);
    channelHandlerCtx = pipeline.context(clientSdsHandler);
    // non-null since we just added it
    assertNotNull(channelHandlerCtx);
    // kick off protocol negotiation.
    pipeline.fireUserEventTriggered(InternalProtocolNegotiationEvent.getDefault());
    final SettableFuture<Object> future = SettableFuture.create();
    sslContextProviderSupplier.updateSslContext(new SslContextProvider.Callback(MoreExecutors.directExecutor()) {

        @Override
        public void updateSecret(SslContext sslContext) {
            future.set(sslContext);
        }

        @Override
        protected void onException(Throwable throwable) {
            future.set(throwable);
        }
    });
    executor.runDueTasks();
    // need this for tasks to execute on eventLoop
    channel.runPendingTasks();
    Object fromFuture = future.get(5, TimeUnit.SECONDS);
    assertThat(fromFuture).isInstanceOf(SslContext.class);
    channel.runPendingTasks();
    channelHandlerCtx = pipeline.context(clientSdsHandler);
    assertThat(channelHandlerCtx).isNull();
    Object sslEvent = SslHandshakeCompletionEvent.SUCCESS;
    pipeline.fireUserEventTriggered(sslEvent);
    // need this for tasks to execute on eventLoop
    channel.runPendingTasks();
    assertTrue(channel.isOpen());
    CommonCertProviderTestUtils.register0();
}
Also used : ClientSdsHandler(io.grpc.xds.internal.sds.SdsProtocolNegotiators.ClientSdsHandler) FakeClock(io.grpc.internal.FakeClock) UpstreamTlsContext(io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext) Bootstrapper(io.grpc.xds.Bootstrapper) SslContext(io.netty.handler.ssl.SslContext) Test(org.junit.Test)
