use of io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext in project grpc-java by grpc.
the class SdsProtocolNegotiatorsTest method clientSdsHandler_addLast.
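/**
 * Checks that a {@code ClientSdsHandler} appended to the pipeline is replaced by the TLS handlers
 * once an {@code SslContext} has been delivered.
 *
 * <p>Three things are asserted: the handler has a context right after {@code addLast}; the
 * supplier's callback receives an {@code SslContext} rather than a {@code Throwable}; and
 * afterwards the handler is gone from the pipeline, whose first two entries are an
 * {@code SslHandler} and {@code ProtocolNegotiators.ClientTlsHandler}.
 *
 * @throws InterruptedException if the wait on the future is interrupted
 * @throws TimeoutException if no result arrives within two seconds
 * @throws ExecutionException declared by {@code Future.get}
 */
@Test
public void clientSdsHandler_addLast()
    throws InterruptedException, TimeoutException, ExecutionException {
  FakeClock executor = new FakeClock();
  CommonCertProviderTestUtils.register(executor);
  try {
    // Client bootstrap and TLS context both refer to the same certificate provider instance name.
    Bootstrapper.BootstrapInfo bootstrapInfoForClient =
        CommonBootstrapperTestUtils.buildBootstrapInfo(
            "google_cloud_private_spiffe-client",
            CLIENT_KEY_FILE,
            CLIENT_PEM_FILE,
            CA_PEM_FILE,
            null,
            null,
            null,
            null);
    UpstreamTlsContext upstreamTlsContext =
        CommonTlsContextTestsUtil.buildUpstreamTlsContext(
            "google_cloud_private_spiffe-client", true);
    SslContextProviderSupplier sslContextProviderSupplier =
        new SslContextProviderSupplier(
            upstreamTlsContext, new TlsContextManagerImpl(bootstrapInfoForClient));
    SdsProtocolNegotiators.ClientSdsHandler clientSdsHandler =
        new SdsProtocolNegotiators.ClientSdsHandler(grpcHandler, sslContextProviderSupplier);
    pipeline.addLast(clientSdsHandler);
    channelHandlerCtx = pipeline.context(clientSdsHandler);
    // clientSdsHandler ctx is non-null since we just added it
    assertNotNull(channelHandlerCtx);

    // kick off protocol negotiation.
    pipeline.fireUserEventTriggered(InternalProtocolNegotiationEvent.getDefault());

    // Either outcome completes the future, so a provider failure surfaces as a failed
    // isInstanceOf(SslContext.class) assertion below instead of a timeout.
    final SettableFuture<Object> future = SettableFuture.create();
    sslContextProviderSupplier.updateSslContext(
        new SslContextProvider.Callback(MoreExecutors.directExecutor()) {
          @Override
          public void updateSecret(SslContext sslContext) {
            future.set(sslContext);
          }

          @Override
          protected void onException(Throwable throwable) {
            future.set(throwable);
          }
        });
    // Exactly one task is expected to be due on the fake clock at this point.
    assertThat(executor.runDueTasks()).isEqualTo(1);
    channel.runPendingTasks();
    Object fromFuture = future.get(2, TimeUnit.SECONDS);
    assertThat(fromFuture).isInstanceOf(SslContext.class);
    channel.runPendingTasks();

    // The SDS handler must no longer be in the pipeline once the SslContext is available.
    channelHandlerCtx = pipeline.context(clientSdsHandler);
    assertThat(channelHandlerCtx).isNull();

    // pipeline should have SslHandler and ClientTlsHandler
    Iterator<Map.Entry<String, ChannelHandler>> iterator = pipeline.iterator();
    assertThat(iterator.next().getValue()).isInstanceOf(SslHandler.class);
    // ProtocolNegotiators.ClientTlsHandler.class not accessible, get canonical name
    assertThat(iterator.next().getValue().getClass().getCanonicalName())
        .contains("ProtocolNegotiators.ClientTlsHandler");
  } finally {
    // Runs even when an assertion above fails; previously a failing assertion skipped this call.
    // NOTE(review): register0() is presumed to be the counterpart of register(executor) that
    // resets the certificate-provider registration for later tests -- confirm.
    CommonCertProviderTestUtils.register0();
  }
}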
use of io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext in project grpc-java by grpc.
the class ClientSslContextProviderFactoryTest method createCertProviderClientSslContextProvider_onlyRootCert.
/**
 * Creates a client SslContextProvider from an UpstreamTlsContext in which the first certificate
 * provider instance name and certificate name are both null.
 *
 * <p>Only the provider's type and the captured watcher are checked here. NOTE(review): what
 * {@code verifyWatcher} asserts is not visible in this snippet, and no TLS handshake is
 * exercised, so this test by itself does not show how the peer certificate is validated.
 */
@Test
public void createCertProviderClientSslContextProvider_onlyRootCert()
    throws XdsInitializationException {
  final CertificateProvider.DistributorWatcher[] capturedWatchers =
      new CertificateProvider.DistributorWatcher[1];
  createAndRegisterProviderProvider(certificateProviderRegistry, capturedWatchers, "testca", 0);

  // presumably "gcp_id"/"root-default" are the root-cert instance and certificate names,
  // going by the method name -- confirm against CommonTlsContextTestsUtil.
  UpstreamTlsContext tlsContext =
      CommonTlsContextTestsUtil.buildUpstreamTlsContextForCertProviderInstance(
          /* certInstanceName= */ null,
          /* certName= */ null,
          "gcp_id",
          "root-default",
          /* alpnProtocols= */ null,
          /* staticCertValidationContext= */ null);

  clientSslContextProviderFactory =
      new ClientSslContextProviderFactory(
          CommonBootstrapperTestUtils.getTestBootstrapInfo(),
          certProviderClientSslContextProviderFactory);
  SslContextProvider provider = clientSslContextProviderFactory.create(tlsContext);

  assertThat(provider).isInstanceOf(CertProviderClientSslContextProvider.class);
  verifyWatcher(provider, capturedWatchers[0]);
}
use of io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext in project grpc-java by grpc.
the class ClientSslContextProviderFactoryTest method createNewCertProviderClientSslContextProvider_onlyRootCert.
/**
 * Same scenario as the root-cert-only case, but built through
 * {@code buildNewUpstreamTlsContextForCertProviderInstance} and with a static
 * CertificateValidationContext that carries two exact subject-alt-name matchers.
 *
 * <p>NOTE(review): the assertions cover the provider type and the captured watcher only. Nothing
 * visible here checks that the "foo"/"bar" matchers end up in the resulting SslContext, so SAN
 * enforcement needs separate coverage.
 */
@Test
public void createNewCertProviderClientSslContextProvider_onlyRootCert() {
  final CertificateProvider.DistributorWatcher[] capturedWatchers =
      new CertificateProvider.DistributorWatcher[1];
  createAndRegisterProviderProvider(certificateProviderRegistry, capturedWatchers, "testca", 0);

  // Static validation context: exact-match SAN entries "foo" and "bar".
  StringMatcher exactFoo = StringMatcher.newBuilder().setExact("foo").build();
  StringMatcher exactBar = StringMatcher.newBuilder().setExact("bar").build();
  CertificateValidationContext staticCertValidationContext =
      CertificateValidationContext.newBuilder()
          .addAllMatchSubjectAltNames(ImmutableSet.of(exactFoo, exactBar))
          .build();

  UpstreamTlsContext tlsContext =
      CommonTlsContextTestsUtil.buildNewUpstreamTlsContextForCertProviderInstance(
          /* certInstanceName= */ null,
          /* certName= */ null,
          "gcp_id",
          "root-default",
          /* alpnProtocols= */ null,
          staticCertValidationContext);

  clientSslContextProviderFactory =
      new ClientSslContextProviderFactory(
          CommonBootstrapperTestUtils.getTestBootstrapInfo(),
          certProviderClientSslContextProviderFactory);
  SslContextProvider provider = clientSslContextProviderFactory.create(tlsContext);

  assertThat(provider).isInstanceOf(CertProviderClientSslContextProvider.class);
  verifyWatcher(provider, capturedWatchers[0]);
}
use of io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext in project grpc-java by grpc.
the class ClientSslContextProviderFactoryTest method createCertProviderClientSslContextProvider.
/**
 * Creates a client SslContextProvider from an UpstreamTlsContext that names certificate provider
 * instance "gcp_id" twice, with certificate names "cert-default" and "root-default", then calls
 * {@code create} a second time with the same context.
 */
@Test
public void createCertProviderClientSslContextProvider() throws XdsInitializationException {
  final CertificateProvider.DistributorWatcher[] capturedWatchers =
      new CertificateProvider.DistributorWatcher[1];
  createAndRegisterProviderProvider(certificateProviderRegistry, capturedWatchers, "testca", 0);

  UpstreamTlsContext tlsContext =
      CommonTlsContextTestsUtil.buildUpstreamTlsContextForCertProviderInstance(
          "gcp_id",
          "cert-default",
          "gcp_id",
          "root-default",
          /* alpnProtocols= */ null,
          /* staticCertValidationContext= */ null);

  clientSslContextProviderFactory =
      new ClientSslContextProviderFactory(
          CommonBootstrapperTestUtils.getTestBootstrapInfo(),
          certProviderClientSslContextProviderFactory);

  SslContextProvider firstProvider = clientSslContextProviderFactory.create(tlsContext);
  assertThat(firstProvider).isInstanceOf(CertProviderClientSslContextProvider.class);
  verifyWatcher(firstProvider, capturedWatchers[0]);

  // verify that bootstrapInfo is cached...
  // NOTE(review): the only check on the second create() is the returned type; nothing here
  // compares it with the first provider or inspects the factory's cached state.
  SslContextProvider secondProvider = clientSslContextProviderFactory.create(tlsContext);
  assertThat(secondProvider).isInstanceOf(CertProviderClientSslContextProvider.class);
}
use of io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext in project grpc-java by grpc.
the class ClientSslContextProviderFactoryTest method createNewCertProviderClientSslContextProvider_withSans.
/**
 * Creates a client SslContextProvider with two registered certificate providers ("testca" in
 * watcher slot 0, "file_watcher" in slot 1) and a static validation context holding exact
 * subject-alt-name matchers "foo" and "bar".
 *
 * <p>NOTE(review): as written, the test checks the provider type and both captured watchers. No
 * visible assertion confirms that the SAN matchers are applied when a peer certificate is
 * verified; that belongs in a handshake-level test.
 */
@Test
public void createNewCertProviderClientSslContextProvider_withSans() {
  final CertificateProvider.DistributorWatcher[] capturedWatchers =
      new CertificateProvider.DistributorWatcher[2];
  createAndRegisterProviderProvider(certificateProviderRegistry, capturedWatchers, "testca", 0);
  createAndRegisterProviderProvider(
      certificateProviderRegistry, capturedWatchers, "file_watcher", 1);

  StringMatcher exactFoo = StringMatcher.newBuilder().setExact("foo").build();
  StringMatcher exactBar = StringMatcher.newBuilder().setExact("bar").build();
  CertificateValidationContext staticCertValidationContext =
      CertificateValidationContext.newBuilder()
          .addAllMatchSubjectAltNames(ImmutableSet.of(exactFoo, exactBar))
          .build();

  // presumably identity material comes from instance "gcp_id" and trust roots from
  // "file_provider" -- confirm against the test bootstrap info.
  UpstreamTlsContext tlsContext =
      CommonTlsContextTestsUtil.buildNewUpstreamTlsContextForCertProviderInstance(
          "gcp_id",
          "cert-default",
          "file_provider",
          "root-default",
          /* alpnProtocols= */ null,
          staticCertValidationContext);

  clientSslContextProviderFactory =
      new ClientSslContextProviderFactory(
          CommonBootstrapperTestUtils.getTestBootstrapInfo(),
          certProviderClientSslContextProviderFactory);
  SslContextProvider provider = clientSslContextProviderFactory.create(tlsContext);

  assertThat(provider).isInstanceOf(CertProviderClientSslContextProvider.class);
  // One watcher per registered provider, checked in registration order.
  for (CertificateProvider.DistributorWatcher watcher : capturedWatchers) {
    verifyWatcher(provider, watcher);
  }
}