| /* |
| * |
| * Copyright 2015 gRPC authors. |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| * |
| */ |
| |
| 'use strict'; |
| |
| var assert = require('assert'); |
| var fs = require('fs'); |
| var path = require('path'); |
| |
| var grpc = require('..'); |
| |
| /** |
| * This is used for testing functions with multiple asynchronous calls that |
| * can happen in different orders. This should be passed the number of async |
| * function invocations that can occur last, and each of those should call this |
| * function's return value |
| * @param {function()} done The function that should be called when a test is |
| * complete. |
| * @param {number} count The number of calls to the resulting function if the |
| * test passes. |
| * @return {function()} The function that should be called at the end of each |
| * sequence of asynchronous functions. |
| */ |
| function multiDone(done, count) { |
| return function() { |
| count -= 1; |
| if (count <= 0) { |
| done(); |
| } |
| }; |
| } |
| |
| var fakeSuccessfulGoogleCredentials = { |
| getRequestMetadata: function(service_url, callback) { |
| setTimeout(function() { |
| callback(null, {Authorization: 'success'}); |
| }, 0); |
| } |
| }; |
| |
| var fakeFailingGoogleCredentials = { |
| getRequestMetadata: function(service_url, callback) { |
| setTimeout(function() { |
| // Google credentials currently adds string error codes to auth errors |
| var error = new Error('Authentication failure'); |
| error.code = 'ENOENT'; |
| callback(error); |
| }, 0); |
| } |
| }; |
| |
| var key_data, pem_data, ca_data; |
| |
| before(function() { |
| var key_path = path.join(__dirname, './data/server1.key'); |
| var pem_path = path.join(__dirname, './data/server1.pem'); |
| var ca_path = path.join(__dirname, '../test/data/ca.pem'); |
| key_data = fs.readFileSync(key_path); |
| pem_data = fs.readFileSync(pem_path); |
| ca_data = fs.readFileSync(ca_path); |
| }); |
| |
| describe('channel credentials', function() { |
| describe('#createSsl', function() { |
| it('works with no arguments', function() { |
| var creds; |
| assert.doesNotThrow(function() { |
| creds = grpc.credentials.createSsl(); |
| }); |
| assert.notEqual(creds, null); |
| }); |
| it('works with just one Buffer argument', function() { |
| var creds; |
| assert.doesNotThrow(function() { |
| creds = grpc.credentials.createSsl(ca_data); |
| }); |
| assert.notEqual(creds, null); |
| }); |
| it('works with 3 Buffer arguments', function() { |
| var creds; |
| assert.doesNotThrow(function() { |
| creds = grpc.credentials.createSsl(ca_data, key_data, pem_data); |
| }); |
| assert.notEqual(creds, null); |
| }); |
| it('works if the first argument is null', function() { |
| var creds; |
| assert.doesNotThrow(function() { |
| creds = grpc.credentials.createSsl(null, key_data, pem_data); |
| }); |
| assert.notEqual(creds, null); |
| }); |
| it('fails if the first argument is a non-Buffer value', function() { |
| assert.throws(function() { |
| grpc.credentials.createSsl('test'); |
| }, TypeError); |
| }); |
| it('fails if the second argument is a non-Buffer value', function() { |
| assert.throws(function() { |
| grpc.credentials.createSsl(null, 'test', pem_data); |
| }, TypeError); |
| }); |
| it('fails if the third argument is a non-Buffer value', function() { |
| assert.throws(function() { |
| grpc.credentials.createSsl(null, key_data, 'test'); |
| }, TypeError); |
| }); |
| it('fails if only 1 of the last 2 arguments is provided', function() { |
| assert.throws(function() { |
| grpc.credentials.createSsl(null, key_data); |
| }); |
| assert.throws(function() { |
| grpc.credentials.createSsl(null, null, pem_data); |
| }); |
| }); |
| }); |
| }); |
| |
| describe('server credentials', function() { |
| describe('#createSsl', function() { |
| it('accepts a buffer and array as the first 2 arguments', function() { |
| var creds; |
| assert.doesNotThrow(function() { |
| creds = grpc.ServerCredentials.createSsl(ca_data, []); |
| }); |
| assert.notEqual(creds, null); |
| }); |
| it('accepts a boolean as the third argument', function() { |
| var creds; |
| assert.doesNotThrow(function() { |
| creds = grpc.ServerCredentials.createSsl(ca_data, [], true); |
| }); |
| assert.notEqual(creds, null); |
| }); |
| it('accepts an object with two buffers in the second argument', function() { |
| var creds; |
| assert.doesNotThrow(function() { |
| creds = grpc.ServerCredentials.createSsl(null, |
| [{private_key: key_data, |
| cert_chain: pem_data}]); |
| }); |
| assert.notEqual(creds, null); |
| }); |
| it('accepts multiple objects in the second argument', function() { |
| var creds; |
| assert.doesNotThrow(function() { |
| creds = grpc.ServerCredentials.createSsl(null, |
| [{private_key: key_data, |
| cert_chain: pem_data}, |
| {private_key: key_data, |
| cert_chain: pem_data}]); |
| }); |
| assert.notEqual(creds, null); |
| }); |
| it('fails if the second argument is not an Array', function() { |
| assert.throws(function() { |
| grpc.ServerCredentials.createSsl(ca_data, 'test'); |
| }, TypeError); |
| }); |
| it('fails if the first argument is a non-Buffer value', function() { |
| assert.throws(function() { |
| grpc.ServerCredentials.createSsl('test', []); |
| }, TypeError); |
| }); |
| it('fails if the third argument is a non-boolean value', function() { |
| assert.throws(function() { |
| grpc.ServerCredentials.createSsl(ca_data, [], 'test'); |
| }, TypeError); |
| }); |
| it('fails if the array elements are not objects', function() { |
| assert.throws(function() { |
| grpc.ServerCredentials.createSsl(ca_data, 'test'); |
| }, TypeError); |
| }); |
| it('fails if the object does not have a Buffer private_key', function() { |
| assert.throws(function() { |
| grpc.ServerCredentials.createSsl(null, |
| [{private_key: 'test', |
| cert_chain: pem_data}]); |
| }, TypeError); |
| }); |
| it('fails if the object does not have a Buffer cert_chain', function() { |
| assert.throws(function() { |
| grpc.ServerCredentials.createSsl(null, |
| [{private_key: key_data, |
| cert_chain: 'test'}]); |
| }, TypeError); |
| }); |
| }); |
| }); |
| |
| describe('client credentials', function() { |
| var Client; |
| var server; |
| var port; |
| var client_ssl_creds; |
| var client_options = {}; |
| before(function() { |
| var proto = grpc.load(__dirname + '/test_service.proto'); |
| server = new grpc.Server(); |
| server.addService(proto.TestService.service, { |
| unary: function(call, cb) { |
| call.sendMetadata(call.metadata); |
| cb(null, {}); |
| }, |
| clientStream: function(stream, cb){ |
| stream.on('data', function(data) {}); |
| stream.on('end', function() { |
| stream.sendMetadata(stream.metadata); |
| cb(null, {}); |
| }); |
| }, |
| serverStream: function(stream) { |
| stream.sendMetadata(stream.metadata); |
| stream.end(); |
| }, |
| bidiStream: function(stream) { |
| stream.on('data', function(data) {}); |
| stream.on('end', function() { |
| stream.sendMetadata(stream.metadata); |
| stream.end(); |
| }); |
| } |
| }); |
| var creds = grpc.ServerCredentials.createSsl(null, |
| [{private_key: key_data, |
| cert_chain: pem_data}]); |
| port = server.bind('localhost:0', creds); |
| server.start(); |
| |
| Client = proto.TestService; |
| client_ssl_creds = grpc.credentials.createSsl(ca_data); |
| var host_override = 'foo.test.google.fr'; |
| client_options['grpc.ssl_target_name_override'] = host_override; |
| client_options['grpc.default_authority'] = host_override; |
| }); |
| after(function() { |
| server.forceShutdown(); |
| }); |
| it('Should accept SSL creds for a client', function(done) { |
| var client = new Client('localhost:' + port, client_ssl_creds, |
| client_options); |
| client.unary({}, function(err, data) { |
| assert.ifError(err); |
| done(); |
| }); |
| }); |
| it('Should update metadata with SSL creds', function(done) { |
| var metadataUpdater = function(service_url, callback) { |
| var metadata = new grpc.Metadata(); |
| metadata.set('plugin_key', 'plugin_value'); |
| callback(null, metadata); |
| }; |
| var creds = grpc.credentials.createFromMetadataGenerator(metadataUpdater); |
| var combined_creds = grpc.credentials.combineChannelCredentials( |
| client_ssl_creds, creds); |
| var client = new Client('localhost:' + port, combined_creds, |
| client_options); |
| var call = client.unary({}, function(err, data) { |
| assert.ifError(err); |
| }); |
| call.on('metadata', function(metadata) { |
| assert.deepEqual(metadata.get('plugin_key'), ['plugin_value']); |
| done(); |
| }); |
| }); |
| it('Should update metadata for two simultaneous calls', function(done) { |
| done = multiDone(done, 2); |
| var metadataUpdater = function(service_url, callback) { |
| var metadata = new grpc.Metadata(); |
| metadata.set('plugin_key', 'plugin_value'); |
| callback(null, metadata); |
| }; |
| var creds = grpc.credentials.createFromMetadataGenerator(metadataUpdater); |
| var combined_creds = grpc.credentials.combineChannelCredentials( |
| client_ssl_creds, creds); |
| var client = new Client('localhost:' + port, combined_creds, |
| client_options); |
| var call = client.unary({}, function(err, data) { |
| assert.ifError(err); |
| }); |
| call.on('metadata', function(metadata) { |
| assert.deepEqual(metadata.get('plugin_key'), ['plugin_value']); |
| done(); |
| }); |
| var call2 = client.unary({}, function(err, data) { |
| assert.ifError(err); |
| }); |
| call2.on('metadata', function(metadata) { |
| assert.deepEqual(metadata.get('plugin_key'), ['plugin_value']); |
| done(); |
| }); |
| }); |
| it('should propagate errors that the updater emits', function(done) { |
| var metadataUpdater = function(service_url, callback) { |
| var error = new Error('Authentication error'); |
| error.code = grpc.status.UNAUTHENTICATED; |
| callback(error); |
| }; |
| var creds = grpc.credentials.createFromMetadataGenerator(metadataUpdater); |
| var combined_creds = grpc.credentials.combineChannelCredentials( |
| client_ssl_creds, creds); |
| var client = new Client('localhost:' + port, combined_creds, |
| client_options); |
| client.unary({}, function(err, data) { |
| assert(err); |
| assert.strictEqual(err.message, |
| 'Getting metadata from plugin failed with error: ' + |
| 'Authentication error'); |
| assert.strictEqual(err.code, grpc.status.UNAUTHENTICATED); |
| done(); |
| }); |
| }); |
| it('should successfully wrap a Google credential', function(done) { |
| var creds = grpc.credentials.createFromGoogleCredential( |
| fakeSuccessfulGoogleCredentials); |
| var combined_creds = grpc.credentials.combineChannelCredentials( |
| client_ssl_creds, creds); |
| var client = new Client('localhost:' + port, combined_creds, |
| client_options); |
| var call = client.unary({}, function(err, data) { |
| assert.ifError(err); |
| }); |
| call.on('metadata', function(metadata) { |
| assert.deepEqual(metadata.get('authorization'), ['success']); |
| done(); |
| }); |
| }); |
| it('Should not add metadata with just SSL credentials', function(done) { |
| // Tests idempotency of credentials composition |
| var metadataUpdater = function(service_url, callback) { |
| var metadata = new grpc.Metadata(); |
| metadata.set('plugin_key', 'plugin_value'); |
| callback(null, metadata); |
| }; |
| var creds = grpc.credentials.createFromMetadataGenerator(metadataUpdater); |
| grpc.credentials.combineChannelCredentials(client_ssl_creds, creds); |
| var client = new Client('localhost:' + port, client_ssl_creds, |
| client_options); |
| var call = client.unary({}, function(err, data) { |
| assert.ifError(err); |
| }); |
| call.on('metadata', function(metadata) { |
| assert.deepEqual(metadata.get('plugin_key'), []); |
| done(); |
| }); |
| }); |
| it('should get an error from a Google credential', function(done) { |
| var creds = grpc.credentials.createFromGoogleCredential( |
| fakeFailingGoogleCredentials); |
| var combined_creds = grpc.credentials.combineChannelCredentials( |
| client_ssl_creds, creds); |
| var client = new Client('localhost:' + port, combined_creds, |
| client_options); |
| client.unary({}, function(err, data) { |
| assert(err); |
| assert.strictEqual(err.message, |
| 'Getting metadata from plugin failed with error: ' + |
| 'Authentication failure'); |
| done(); |
| }); |
| }); |
| describe('Per-rpc creds', function() { |
| var client; |
| var updater_creds; |
| before(function() { |
| client = new Client('localhost:' + port, client_ssl_creds, |
| client_options); |
| var metadataUpdater = function(service_url, callback) { |
| var metadata = new grpc.Metadata(); |
| metadata.set('plugin_key', 'plugin_value'); |
| callback(null, metadata); |
| }; |
| updater_creds = grpc.credentials.createFromMetadataGenerator( |
| metadataUpdater); |
| }); |
| it('Should update metadata on a unary call', function(done) { |
| var call = client.unary({}, {credentials: updater_creds}, |
| function(err, data) { |
| assert.ifError(err); |
| }); |
| call.on('metadata', function(metadata) { |
| assert.deepEqual(metadata.get('plugin_key'), ['plugin_value']); |
| done(); |
| }); |
| }); |
| it('should update metadata on a client streaming call', function(done) { |
| var call = client.clientStream({credentials: updater_creds}, |
| function(err, data) { |
| assert.ifError(err); |
| }); |
| call.on('metadata', function(metadata) { |
| assert.deepEqual(metadata.get('plugin_key'), ['plugin_value']); |
| done(); |
| }); |
| call.end(); |
| }); |
| it('should update metadata on a server streaming call', function(done) { |
| var call = client.serverStream({}, {credentials: updater_creds}); |
| call.on('data', function() {}); |
| call.on('metadata', function(metadata) { |
| assert.deepEqual(metadata.get('plugin_key'), ['plugin_value']); |
| done(); |
| }); |
| }); |
| it('should update metadata on a bidi streaming call', function(done) { |
| var call = client.bidiStream({credentials: updater_creds}); |
| call.on('data', function() {}); |
| call.on('metadata', function(metadata) { |
| assert.deepEqual(metadata.get('plugin_key'), ['plugin_value']); |
| done(); |
| }); |
| call.end(); |
| }); |
| it('should be able to use multiple plugin credentials', function(done) { |
| var altMetadataUpdater = function(service_url, callback) { |
| var metadata = new grpc.Metadata(); |
| metadata.set('other_plugin_key', 'other_plugin_value'); |
| callback(null, metadata); |
| }; |
| var alt_updater_creds = grpc.credentials.createFromMetadataGenerator( |
| altMetadataUpdater); |
| var combined_updater = grpc.credentials.combineCallCredentials( |
| updater_creds, alt_updater_creds); |
| var call = client.unary({}, {credentials: combined_updater}, |
| function(err, data) { |
| assert.ifError(err); |
| }); |
| call.on('metadata', function(metadata) { |
| assert.deepEqual(metadata.get('plugin_key'), ['plugin_value']); |
| assert.deepEqual(metadata.get('other_plugin_key'), |
| ['other_plugin_value']); |
| done(); |
| }); |
| }); |
| }); |
| }); |