Example 1 with TestCallback
use of io.grpc.xds.internal.sds.CommonTlsContextTestsUtil.TestCallback in project grpc-java by grpc.
the class CertProviderClientSslContextProviderTest method testProviderForClient_mtls_newXds.
@Test
public void testProviderForClient_mtls_newXds() throws Exception {
final CertificateProvider.DistributorWatcher[] watcherCaptor = new CertificateProvider.DistributorWatcher[1];
TestCertificateProvider.createAndRegisterProviderProvider(certificateProviderRegistry, watcherCaptor, "testca", 0);
CertProviderClientSslContextProvider provider = getNewSslContextProvider("gcp_id", "gcp_id", CommonBootstrapperTestUtils.getTestBootstrapInfo(), /* alpnProtocols= */
null, /* staticCertValidationContext= */
null);
assertThat(provider.savedKey).isNull();
assertThat(provider.savedCertChain).isNull();
assertThat(provider.savedTrustedRoots).isNull();
assertThat(provider.getSslContext()).isNull();
// now generate cert update
watcherCaptor[0].updateCertificate(CommonCertProviderTestUtils.getPrivateKey(CLIENT_KEY_FILE), ImmutableList.of(getCertFromResourceName(CLIENT_PEM_FILE)));
assertThat(provider.savedKey).isNotNull();
assertThat(provider.savedCertChain).isNotNull();
assertThat(provider.getSslContext()).isNull();
// now generate root cert update
watcherCaptor[0].updateTrustedRoots(ImmutableList.of(getCertFromResourceName(CA_PEM_FILE)));
assertThat(provider.getSslContext()).isNotNull();
assertThat(provider.savedKey).isNull();
assertThat(provider.savedCertChain).isNull();
assertThat(provider.savedTrustedRoots).isNull();
TestCallback testCallback = CommonTlsContextTestsUtil.getValueThruCallback(provider);
doChecksOnSslContext(false, testCallback.updatedSslContext, /* expectedApnProtos= */
null);
TestCallback testCallback1 = CommonTlsContextTestsUtil.getValueThruCallback(provider);
assertThat(testCallback1.updatedSslContext).isSameInstanceAs(testCallback.updatedSslContext);
// just do root cert update: sslContext should still be the same
watcherCaptor[0].updateTrustedRoots(ImmutableList.of(getCertFromResourceName(SERVER_0_PEM_FILE)));
assertThat(provider.savedKey).isNull();
assertThat(provider.savedCertChain).isNull();
assertThat(provider.savedTrustedRoots).isNotNull();
testCallback1 = CommonTlsContextTestsUtil.getValueThruCallback(provider);
assertThat(testCallback1.updatedSslContext).isSameInstanceAs(testCallback.updatedSslContext);
// now update id cert: sslContext should be updated i.e.different from the previous one
watcherCaptor[0].updateCertificate(CommonCertProviderTestUtils.getPrivateKey(SERVER_1_KEY_FILE), ImmutableList.of(getCertFromResourceName(SERVER_1_PEM_FILE)));
assertThat(provider.savedKey).isNull();
assertThat(provider.savedCertChain).isNull();
assertThat(provider.savedTrustedRoots).isNull();
assertThat(provider.getSslContext()).isNotNull();
testCallback1 = CommonTlsContextTestsUtil.getValueThruCallback(provider);
assertThat(testCallback1.updatedSslContext).isNotSameInstanceAs(testCallback.updatedSslContext);
}
Also used :
TestCallback(io.grpc.xds.internal.sds.CommonTlsContextTestsUtil.TestCallback)
Test(org.junit.Test)
Example 2 with TestCallback
use of io.grpc.xds.internal.sds.CommonTlsContextTestsUtil.TestCallback in project grpc-java by grpc.
the class CertProviderServerSslContextProviderTest method testProviderForServer_sslContextException_onError.
@Test
public void testProviderForServer_sslContextException_onError() throws Exception {
CertificateValidationContext staticCertValidationContext = CertificateValidationContext.newBuilder().setTrustedCa(DataSource.newBuilder().setInlineString("foo")).build();
final CertificateProvider.DistributorWatcher[] watcherCaptor = new CertificateProvider.DistributorWatcher[1];
TestCertificateProvider.createAndRegisterProviderProvider(certificateProviderRegistry, watcherCaptor, "testca", 0);
CertProviderServerSslContextProvider provider = getSslContextProvider(/* certInstanceName= */
"gcp_id", /* rootInstanceName= */
"gcp_id", CommonBootstrapperTestUtils.getTestBootstrapInfo(), /* alpnProtocols= */
null, staticCertValidationContext, /* requireClientCert= */
true);
// now generate cert update
watcherCaptor[0].updateCertificate(CommonCertProviderTestUtils.getPrivateKey(SERVER_0_KEY_FILE), ImmutableList.of(getCertFromResourceName(SERVER_0_PEM_FILE)));
TestCallback testCallback = new TestCallback(MoreExecutors.directExecutor());
provider.addCallback(testCallback);
try {
watcherCaptor[0].updateTrustedRoots(ImmutableList.of(getCertFromResourceName(CA_PEM_FILE)));
fail("exception expected");
} catch (RuntimeException expected) {
assertThat(expected).hasMessageThat().contains("only static certificateValidationContext expected");
}
assertThat(testCallback.updatedThrowable).isNotNull();
assertThat(testCallback.updatedThrowable).hasCauseThat().hasMessageThat().contains("only static certificateValidationContext expected");
}
Also used :
TestCallback(io.grpc.xds.internal.sds.CommonTlsContextTestsUtil.TestCallback)
CertificateValidationContext(io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext)
Test(org.junit.Test)
Example 3 with TestCallback
use of io.grpc.xds.internal.sds.CommonTlsContextTestsUtil.TestCallback in project grpc-java by grpc.
the class CertProviderServerSslContextProviderTest method testProviderForServer_tls.
@Test
public void testProviderForServer_tls() throws Exception {
final CertificateProvider.DistributorWatcher[] watcherCaptor = new CertificateProvider.DistributorWatcher[1];
TestCertificateProvider.createAndRegisterProviderProvider(certificateProviderRegistry, watcherCaptor, "testca", 0);
CertProviderServerSslContextProvider provider = getSslContextProvider("gcp_id", /* rootInstanceName= */
null, CommonBootstrapperTestUtils.getTestBootstrapInfo(), /* alpnProtocols= */
null, /* staticCertValidationContext= */
null, /* requireClientCert= */
false);
assertThat(provider.savedKey).isNull();
assertThat(provider.savedCertChain).isNull();
assertThat(provider.savedTrustedRoots).isNull();
assertThat(provider.getSslContext()).isNull();
// now generate cert update
watcherCaptor[0].updateCertificate(CommonCertProviderTestUtils.getPrivateKey(SERVER_0_KEY_FILE), ImmutableList.of(getCertFromResourceName(SERVER_0_PEM_FILE)));
assertThat(provider.getSslContext()).isNotNull();
assertThat(provider.savedKey).isNull();
assertThat(provider.savedCertChain).isNull();
assertThat(provider.savedTrustedRoots).isNull();
TestCallback testCallback = CommonTlsContextTestsUtil.getValueThruCallback(provider);
doChecksOnSslContext(true, testCallback.updatedSslContext, /* expectedApnProtos= */
null);
}
Also used :
TestCallback(io.grpc.xds.internal.sds.CommonTlsContextTestsUtil.TestCallback)
Test(org.junit.Test)
Example 4 with TestCallback
use of io.grpc.xds.internal.sds.CommonTlsContextTestsUtil.TestCallback in project grpc-java by grpc.
the class CertProviderServerSslContextProviderTest method testProviderForServer_mtls_newXds.
@Test
public void testProviderForServer_mtls_newXds() throws Exception {
final CertificateProvider.DistributorWatcher[] watcherCaptor = new CertificateProvider.DistributorWatcher[1];
TestCertificateProvider.createAndRegisterProviderProvider(certificateProviderRegistry, watcherCaptor, "testca", 0);
CertificateValidationContext staticCertValidationContext = CertificateValidationContext.newBuilder().addAllMatchSubjectAltNames(Arrays.asList(StringMatcher.newBuilder().setExact("foo.com").build(), StringMatcher.newBuilder().setExact("bar.com").build())).build();
CertProviderServerSslContextProvider provider = getNewSslContextProvider("gcp_id", "gcp_id", CommonBootstrapperTestUtils.getTestBootstrapInfo(), /* alpnProtocols= */
null, staticCertValidationContext, /* requireClientCert= */
true);
assertThat(provider.savedKey).isNull();
assertThat(provider.savedCertChain).isNull();
assertThat(provider.savedTrustedRoots).isNull();
assertThat(provider.getSslContext()).isNull();
// now generate cert update
watcherCaptor[0].updateCertificate(CommonCertProviderTestUtils.getPrivateKey(SERVER_0_KEY_FILE), ImmutableList.of(getCertFromResourceName(SERVER_0_PEM_FILE)));
assertThat(provider.savedKey).isNotNull();
assertThat(provider.savedCertChain).isNotNull();
assertThat(provider.getSslContext()).isNull();
// now generate root cert update
watcherCaptor[0].updateTrustedRoots(ImmutableList.of(getCertFromResourceName(CA_PEM_FILE)));
assertThat(provider.getSslContext()).isNotNull();
assertThat(provider.savedKey).isNull();
assertThat(provider.savedCertChain).isNull();
assertThat(provider.savedTrustedRoots).isNull();
TestCallback testCallback = CommonTlsContextTestsUtil.getValueThruCallback(provider);
doChecksOnSslContext(true, testCallback.updatedSslContext, /* expectedApnProtos= */
null);
TestCallback testCallback1 = CommonTlsContextTestsUtil.getValueThruCallback(provider);
assertThat(testCallback1.updatedSslContext).isSameInstanceAs(testCallback.updatedSslContext);
// just do root cert update: sslContext should still be the same
watcherCaptor[0].updateTrustedRoots(ImmutableList.of(getCertFromResourceName(CLIENT_PEM_FILE)));
assertThat(provider.savedKey).isNull();
assertThat(provider.savedCertChain).isNull();
assertThat(provider.savedTrustedRoots).isNotNull();
testCallback1 = CommonTlsContextTestsUtil.getValueThruCallback(provider);
assertThat(testCallback1.updatedSslContext).isSameInstanceAs(testCallback.updatedSslContext);
// now update id cert: sslContext should be updated i.e.different from the previous one
watcherCaptor[0].updateCertificate(CommonCertProviderTestUtils.getPrivateKey(SERVER_1_KEY_FILE), ImmutableList.of(getCertFromResourceName(SERVER_1_PEM_FILE)));
assertThat(provider.savedKey).isNull();
assertThat(provider.savedCertChain).isNull();
assertThat(provider.savedTrustedRoots).isNull();
assertThat(provider.getSslContext()).isNotNull();
testCallback1 = CommonTlsContextTestsUtil.getValueThruCallback(provider);
assertThat(testCallback1.updatedSslContext).isNotSameInstanceAs(testCallback.updatedSslContext);
}
Also used :
TestCallback(io.grpc.xds.internal.sds.CommonTlsContextTestsUtil.TestCallback)
CertificateValidationContext(io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext)
Test(org.junit.Test)
Example 5 with TestCallback
use of io.grpc.xds.internal.sds.CommonTlsContextTestsUtil.TestCallback in project grpc-java by grpc.
the class CertProviderServerSslContextProviderTest method testProviderForServer_mtls.
@Test
public void testProviderForServer_mtls() throws Exception {
final CertificateProvider.DistributorWatcher[] watcherCaptor = new CertificateProvider.DistributorWatcher[1];
TestCertificateProvider.createAndRegisterProviderProvider(certificateProviderRegistry, watcherCaptor, "testca", 0);
CertProviderServerSslContextProvider provider = getSslContextProvider("gcp_id", "gcp_id", CommonBootstrapperTestUtils.getTestBootstrapInfo(), /* alpnProtocols= */
null, /* staticCertValidationContext= */
null, /* requireClientCert= */
true);
assertThat(provider.savedKey).isNull();
assertThat(provider.savedCertChain).isNull();
assertThat(provider.savedTrustedRoots).isNull();
assertThat(provider.getSslContext()).isNull();
// now generate cert update
watcherCaptor[0].updateCertificate(CommonCertProviderTestUtils.getPrivateKey(SERVER_0_KEY_FILE), ImmutableList.of(getCertFromResourceName(SERVER_0_PEM_FILE)));
assertThat(provider.savedKey).isNotNull();
assertThat(provider.savedCertChain).isNotNull();
assertThat(provider.getSslContext()).isNull();
// now generate root cert update
watcherCaptor[0].updateTrustedRoots(ImmutableList.of(getCertFromResourceName(CA_PEM_FILE)));
assertThat(provider.getSslContext()).isNotNull();
assertThat(provider.savedKey).isNull();
assertThat(provider.savedCertChain).isNull();
assertThat(provider.savedTrustedRoots).isNull();
TestCallback testCallback = CommonTlsContextTestsUtil.getValueThruCallback(provider);
doChecksOnSslContext(true, testCallback.updatedSslContext, /* expectedApnProtos= */
null);
TestCallback testCallback1 = CommonTlsContextTestsUtil.getValueThruCallback(provider);
assertThat(testCallback1.updatedSslContext).isSameInstanceAs(testCallback.updatedSslContext);
// just do root cert update: sslContext should still be the same
watcherCaptor[0].updateTrustedRoots(ImmutableList.of(getCertFromResourceName(CLIENT_PEM_FILE)));
assertThat(provider.savedKey).isNull();
assertThat(provider.savedCertChain).isNull();
assertThat(provider.savedTrustedRoots).isNotNull();
testCallback1 = CommonTlsContextTestsUtil.getValueThruCallback(provider);
assertThat(testCallback1.updatedSslContext).isSameInstanceAs(testCallback.updatedSslContext);
// now update id cert: sslContext should be updated i.e.different from the previous one
watcherCaptor[0].updateCertificate(CommonCertProviderTestUtils.getPrivateKey(SERVER_1_KEY_FILE), ImmutableList.of(getCertFromResourceName(SERVER_1_PEM_FILE)));
assertThat(provider.savedKey).isNull();
assertThat(provider.savedCertChain).isNull();
assertThat(provider.savedTrustedRoots).isNull();
assertThat(provider.getSslContext()).isNotNull();
testCallback1 = CommonTlsContextTestsUtil.getValueThruCallback(provider);
assertThat(testCallback1.updatedSslContext).isNotSameInstanceAs(testCallback.updatedSslContext);
}
Also used :
TestCallback(io.grpc.xds.internal.sds.CommonTlsContextTestsUtil.TestCallback)
Test(org.junit.Test)
Aggregations
TestCallback (io.grpc.xds.internal.sds.CommonTlsContextTestsUtil.TestCallback)10
Test (org.junit.Test)10
CertificateValidationContext (io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext)3
QueuedExecutor (io.grpc.xds.internal.certprovider.CertProviderClientSslContextProviderTest.QueuedExecutor)1
