Blame - test/core/tsi/ssl_transport_security_test.cc - platform/external/grpc-grpc

blob: 88f1abc18c3de5cb64d5cccb3f9a8823c477ac70 [file] [log] [blame]

Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	1	/*
				2	*
				3	* Copyright 2017 gRPC authors.
				4	*
				5	* Licensed under the Apache License, Version 2.0 (the "License");
				6	* you may not use this file except in compliance with the License.
				7	* You may obtain a copy of the License at
				8	*
				9	* http://www.apache.org/licenses/LICENSE-2.0
				10	*
				11	* Unless required by applicable law or agreed to in writing, software
				12	* distributed under the License is distributed on an "AS IS" BASIS,
				13	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				14	* See the License for the specific language governing permissions and
				15	* limitations under the License.
				16	*
				17	*/
				18
				19	#include <stdbool.h>
				20	#include <stdio.h>
				21	#include <string.h>
				22
				23	#include "src/core/lib/iomgr/load_file.h"
Yihua Zhang	75f0a9f	2018-02-20 10:09:47 -0800	[diff] [blame]	24	#include "src/core/lib/security/security_connector/security_connector.h"
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	25	#include "src/core/tsi/ssl_transport_security.h"
Justin Burke	4984135	2017-08-31 17:42:54 -0700	[diff] [blame]	26	#include "src/core/tsi/transport_security.h"
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	27	#include "src/core/tsi/transport_security_adapter.h"
Justin Burke	4984135	2017-08-31 17:42:54 -0700	[diff] [blame]	28	#include "src/core/tsi/transport_security_interface.h"
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	29	#include "test/core/tsi/transport_security_test_lib.h"
				30	#include "test/core/util/test_config.h"
				31
				32	#include <grpc/grpc.h>
				33	#include <grpc/support/alloc.h>
				34	#include <grpc/support/log.h>
				35	#include <grpc/support/string_util.h>
				36
				37	#define SSL_TSI_TEST_ALPN1 "foo"
				38	#define SSL_TSI_TEST_ALPN2 "toto"
				39	#define SSL_TSI_TEST_ALPN3 "baz"
				40	#define SSL_TSI_TEST_ALPN_NUM 2
				41	#define SSL_TSI_TEST_SERVER_KEY_CERT_PAIRS_NUM 2
				42	#define SSL_TSI_TEST_BAD_SERVER_KEY_CERT_PAIRS_NUM 1
				43	#define SSL_TSI_TEST_CREDENTIALS_DIR "src/core/tsi/test_creds/"
				44
				45	typedef enum AlpnMode {
				46	NO_ALPN,
				47	ALPN_CLIENT_NO_SERVER,
				48	ALPN_SERVER_NO_CLIENT,
				49	ALPN_CLIENT_SERVER_OK,
				50	ALPN_CLIENT_SERVER_MISMATCH
				51	} AlpnMode;
				52
				53	typedef struct ssl_alpn_lib {
				54	AlpnMode alpn_mode;
Ruslan Nigmatullin	7ae3733	2018-02-21 16:44:35 -0800	[diff] [blame]	55	const char** server_alpn_protocols;
				56	const char** client_alpn_protocols;
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	57	uint16_t num_server_alpn_protocols;
				58	uint16_t num_client_alpn_protocols;
				59	} ssl_alpn_lib;
				60
				61	typedef struct ssl_key_cert_lib {
				62	bool use_bad_server_cert;
				63	bool use_bad_client_cert;
jiangtaoli2016	144f555	2018-03-23 11:28:48 -0700	[diff] [blame^]	64	bool use_root_store;
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	65	char* root_cert;
jiangtaoli2016	144f555	2018-03-23 11:28:48 -0700	[diff] [blame^]	66	tsi_ssl_root_certs_store* root_store;
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	67	tsi_ssl_pem_key_cert_pair* server_pem_key_cert_pairs;
				68	tsi_ssl_pem_key_cert_pair* bad_server_pem_key_cert_pairs;
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	69	tsi_ssl_pem_key_cert_pair client_pem_key_cert_pair;
				70	tsi_ssl_pem_key_cert_pair bad_client_pem_key_cert_pair;
				71	uint16_t server_num_key_cert_pairs;
				72	uint16_t bad_server_num_key_cert_pairs;
				73	} ssl_key_cert_lib;
				74
				75	typedef struct ssl_tsi_test_fixture {
				76	tsi_test_fixture base;
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	77	ssl_key_cert_lib* key_cert_lib;
				78	ssl_alpn_lib* alpn_lib;
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	79	bool force_client_auth;
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	80	char* server_name_indication;
Ruslan Nigmatullin	7ae3733	2018-02-21 16:44:35 -0800	[diff] [blame]	81	tsi_ssl_session_cache* session_cache;
				82	bool session_reused;
				83	const char* session_ticket_key;
				84	size_t session_ticket_key_size;
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	85	tsi_ssl_server_handshaker_factory* server_handshaker_factory;
				86	tsi_ssl_client_handshaker_factory* client_handshaker_factory;
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	87	} ssl_tsi_test_fixture;
				88
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	89	static void ssl_test_setup_handshakers(tsi_test_fixture* fixture) {
Noah Eisen	4d20a66	2018-02-09 09:34:04 -0800	[diff] [blame]	90	ssl_tsi_test_fixture* ssl_fixture =
				91	reinterpret_cast<ssl_tsi_test_fixture*>(fixture);
Craig Tiller	4ac2b8e	2017-11-10 14:14:17 -0800	[diff] [blame]	92	GPR_ASSERT(ssl_fixture != nullptr);
				93	GPR_ASSERT(ssl_fixture->key_cert_lib != nullptr);
				94	GPR_ASSERT(ssl_fixture->alpn_lib != nullptr);
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	95	ssl_key_cert_lib* key_cert_lib = ssl_fixture->key_cert_lib;
				96	ssl_alpn_lib* alpn_lib = ssl_fixture->alpn_lib;
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	97	/* Create client handshaker factory. */
Ruslan Nigmatullin	7ae3733	2018-02-21 16:44:35 -0800	[diff] [blame]	98	tsi_ssl_client_handshaker_options client_options;
				99	memset(&client_options, 0, sizeof(client_options));
				100	client_options.pem_root_certs = key_cert_lib->root_cert;
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	101	if (ssl_fixture->force_client_auth) {
Ruslan Nigmatullin	7ae3733	2018-02-21 16:44:35 -0800	[diff] [blame]	102	client_options.pem_key_cert_pair =
				103	key_cert_lib->use_bad_client_cert
				104	? &key_cert_lib->bad_client_pem_key_cert_pair
				105	: &key_cert_lib->client_pem_key_cert_pair;
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	106	}
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	107	if (alpn_lib->alpn_mode == ALPN_CLIENT_NO_SERVER \|\|
				108	alpn_lib->alpn_mode == ALPN_CLIENT_SERVER_OK \|\|
				109	alpn_lib->alpn_mode == ALPN_CLIENT_SERVER_MISMATCH) {
Ruslan Nigmatullin	7ae3733	2018-02-21 16:44:35 -0800	[diff] [blame]	110	client_options.alpn_protocols = alpn_lib->client_alpn_protocols;
				111	client_options.num_alpn_protocols = alpn_lib->num_client_alpn_protocols;
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	112	}
jiangtaoli2016	144f555	2018-03-23 11:28:48 -0700	[diff] [blame^]	113	client_options.root_store =
				114	key_cert_lib->use_root_store ? key_cert_lib->root_store : nullptr;
Ruslan Nigmatullin	7ae3733	2018-02-21 16:44:35 -0800	[diff] [blame]	115	if (ssl_fixture->session_cache != nullptr) {
				116	client_options.session_cache = ssl_fixture->session_cache;
				117	}
				118	GPR_ASSERT(tsi_create_ssl_client_handshaker_factory_with_options(
				119	&client_options, &ssl_fixture->client_handshaker_factory) ==
				120	TSI_OK);
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	121	/* Create server handshaker factory. */
Ruslan Nigmatullin	7ae3733	2018-02-21 16:44:35 -0800	[diff] [blame]	122	tsi_ssl_server_handshaker_options server_options;
				123	memset(&server_options, 0, sizeof(server_options));
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	124	if (alpn_lib->alpn_mode == ALPN_SERVER_NO_CLIENT \|\|
				125	alpn_lib->alpn_mode == ALPN_CLIENT_SERVER_OK \|\|
				126	alpn_lib->alpn_mode == ALPN_CLIENT_SERVER_MISMATCH) {
Ruslan Nigmatullin	7ae3733	2018-02-21 16:44:35 -0800	[diff] [blame]	127	server_options.alpn_protocols = alpn_lib->server_alpn_protocols;
				128	server_options.num_alpn_protocols = alpn_lib->num_server_alpn_protocols;
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	129	if (alpn_lib->alpn_mode == ALPN_CLIENT_SERVER_MISMATCH) {
Ruslan Nigmatullin	7ae3733	2018-02-21 16:44:35 -0800	[diff] [blame]	130	server_options.num_alpn_protocols--;
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	131	}
				132	}
Ruslan Nigmatullin	7ae3733	2018-02-21 16:44:35 -0800	[diff] [blame]	133	server_options.pem_key_cert_pairs =
				134	key_cert_lib->use_bad_server_cert
				135	? key_cert_lib->bad_server_pem_key_cert_pairs
				136	: key_cert_lib->server_pem_key_cert_pairs;
				137	server_options.num_key_cert_pairs =
				138	key_cert_lib->use_bad_server_cert
				139	? key_cert_lib->bad_server_num_key_cert_pairs
				140	: key_cert_lib->server_num_key_cert_pairs;
				141	server_options.pem_client_root_certs = key_cert_lib->root_cert;
				142	if (ssl_fixture->force_client_auth) {
				143	server_options.client_certificate_request =
				144	TSI_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY;
				145	} else {
				146	server_options.client_certificate_request =
				147	TSI_DONT_REQUEST_CLIENT_CERTIFICATE;
				148	}
				149	server_options.session_ticket_key = ssl_fixture->session_ticket_key;
				150	server_options.session_ticket_key_size = ssl_fixture->session_ticket_key_size;
				151	GPR_ASSERT(tsi_create_ssl_server_handshaker_factory_with_options(
				152	&server_options, &ssl_fixture->server_handshaker_factory) ==
				153	TSI_OK);
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	154	/* Create server and client handshakers. */
Craig Tiller	4ac2b8e	2017-11-10 14:14:17 -0800	[diff] [blame]	155	tsi_handshaker* client_handshaker = nullptr;
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	156	GPR_ASSERT(tsi_ssl_client_handshaker_factory_create_handshaker(
				157	ssl_fixture->client_handshaker_factory,
				158	ssl_fixture->server_name_indication,
				159	&client_handshaker) == TSI_OK);
				160	ssl_fixture->base.client_handshaker =
				161	tsi_create_adapter_handshaker(client_handshaker);
Craig Tiller	4ac2b8e	2017-11-10 14:14:17 -0800	[diff] [blame]	162	tsi_handshaker* server_handshaker = nullptr;
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	163	GPR_ASSERT(tsi_ssl_server_handshaker_factory_create_handshaker(
				164	ssl_fixture->server_handshaker_factory, &server_handshaker) ==
				165	TSI_OK);
				166	ssl_fixture->base.server_handshaker =
				167	tsi_create_adapter_handshaker(server_handshaker);
				168	}
				169
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	170	static void check_alpn(ssl_tsi_test_fixture* ssl_fixture,
				171	const tsi_peer* peer) {
Craig Tiller	4ac2b8e	2017-11-10 14:14:17 -0800	[diff] [blame]	172	GPR_ASSERT(ssl_fixture != nullptr);
				173	GPR_ASSERT(ssl_fixture->alpn_lib != nullptr);
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	174	ssl_alpn_lib* alpn_lib = ssl_fixture->alpn_lib;
				175	const tsi_peer_property* alpn_property =
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	176	tsi_peer_get_property_by_name(peer, TSI_SSL_ALPN_SELECTED_PROTOCOL);
				177	if (alpn_lib->alpn_mode != ALPN_CLIENT_SERVER_OK) {
Craig Tiller	4ac2b8e	2017-11-10 14:14:17 -0800	[diff] [blame]	178	GPR_ASSERT(alpn_property == nullptr);
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	179	} else {
Craig Tiller	4ac2b8e	2017-11-10 14:14:17 -0800	[diff] [blame]	180	GPR_ASSERT(alpn_property != nullptr);
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	181	const char* expected_match = "baz";
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	182	GPR_ASSERT(memcmp(alpn_property->value.data, expected_match,
				183	alpn_property->value.length) == 0);
				184	}
				185	}
				186
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	187	static const tsi_peer_property*
				188	check_basic_authenticated_peer_and_get_common_name(const tsi_peer* peer) {
				189	const tsi_peer_property* cert_type_property =
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	190	tsi_peer_get_property_by_name(peer, TSI_CERTIFICATE_TYPE_PEER_PROPERTY);
Craig Tiller	4ac2b8e	2017-11-10 14:14:17 -0800	[diff] [blame]	191	GPR_ASSERT(cert_type_property != nullptr);
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	192	GPR_ASSERT(memcmp(cert_type_property->value.data, TSI_X509_CERTIFICATE_TYPE,
				193	cert_type_property->value.length) == 0);
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	194	const tsi_peer_property* property = tsi_peer_get_property_by_name(
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	195	peer, TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY);
Craig Tiller	4ac2b8e	2017-11-10 14:14:17 -0800	[diff] [blame]	196	GPR_ASSERT(property != nullptr);
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	197	return property;
				198	}
				199
Ruslan Nigmatullin	7ae3733	2018-02-21 16:44:35 -0800	[diff] [blame]	200	static void check_session_reusage(ssl_tsi_test_fixture* ssl_fixture,
				201	tsi_peer* peer) {
				202	const tsi_peer_property* session_reused =
				203	tsi_peer_get_property_by_name(peer, TSI_SSL_SESSION_REUSED_PEER_PROPERTY);
				204	GPR_ASSERT(session_reused != nullptr);
				205	if (ssl_fixture->session_reused) {
				206	GPR_ASSERT(strcmp(session_reused->value.data, "true") == 0);
				207	} else {
				208	GPR_ASSERT(strcmp(session_reused->value.data, "false") == 0);
				209	}
				210	}
				211
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	212	void check_server0_peer(tsi_peer* peer) {
				213	const tsi_peer_property* property =
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	214	check_basic_authenticated_peer_and_get_common_name(peer);
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	215	const char* expected_match = "*.test.google.com.au";
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	216	GPR_ASSERT(memcmp(property->value.data, expected_match,
				217	property->value.length) == 0);
				218	GPR_ASSERT(tsi_peer_get_property_by_name(
				219	peer, TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY) ==
Craig Tiller	4ac2b8e	2017-11-10 14:14:17 -0800	[diff] [blame]	220	nullptr);
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	221	GPR_ASSERT(tsi_ssl_peer_matches_name(peer, "foo.test.google.com.au") == 1);
				222	GPR_ASSERT(tsi_ssl_peer_matches_name(peer, "bar.test.google.com.au") == 1);
				223	GPR_ASSERT(tsi_ssl_peer_matches_name(peer, "bar.test.google.blah") == 0);
				224	GPR_ASSERT(tsi_ssl_peer_matches_name(peer, "foo.bar.test.google.com.au") ==
				225	0);
				226	GPR_ASSERT(tsi_ssl_peer_matches_name(peer, "test.google.com.au") == 0);
				227	tsi_peer_destruct(peer);
				228	}
				229
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	230	static bool check_subject_alt_name(tsi_peer* peer, const char* name) {
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	231	for (size_t i = 0; i < peer->property_count; i++) {
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	232	const tsi_peer_property* prop = &peer->properties[i];
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	233	if (strcmp(prop->name, TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY) ==
				234	0) {
				235	if (memcmp(prop->value.data, name, prop->value.length) == 0) {
				236	return true;
				237	}
				238	}
				239	}
				240	return false;
				241	}
				242
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	243	void check_server1_peer(tsi_peer* peer) {
				244	const tsi_peer_property* property =
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	245	check_basic_authenticated_peer_and_get_common_name(peer);
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	246	const char* expected_match = "*.test.google.com";
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	247	GPR_ASSERT(memcmp(property->value.data, expected_match,
				248	property->value.length) == 0);
				249	GPR_ASSERT(check_subject_alt_name(peer, "*.test.google.fr") == 1);
				250	GPR_ASSERT(check_subject_alt_name(peer, "waterzooi.test.google.be") == 1);
				251	GPR_ASSERT(tsi_ssl_peer_matches_name(peer, "foo.test.google.fr") == 1);
				252	GPR_ASSERT(tsi_ssl_peer_matches_name(peer, "bar.test.google.fr") == 1);
				253	GPR_ASSERT(tsi_ssl_peer_matches_name(peer, "waterzooi.test.google.be") == 1);
				254	GPR_ASSERT(tsi_ssl_peer_matches_name(peer, "foo.test.youtube.com") == 1);
				255	GPR_ASSERT(tsi_ssl_peer_matches_name(peer, "bar.foo.test.google.com") == 0);
				256	GPR_ASSERT(tsi_ssl_peer_matches_name(peer, "test.google.fr") == 0);
				257	GPR_ASSERT(tsi_ssl_peer_matches_name(peer, "tartines.test.google.be") == 0);
				258	GPR_ASSERT(tsi_ssl_peer_matches_name(peer, "tartines.youtube.com") == 0);
				259	tsi_peer_destruct(peer);
				260	}
				261
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	262	static void check_client_peer(ssl_tsi_test_fixture* ssl_fixture,
				263	tsi_peer* peer) {
Craig Tiller	4ac2b8e	2017-11-10 14:14:17 -0800	[diff] [blame]	264	GPR_ASSERT(ssl_fixture != nullptr);
				265	GPR_ASSERT(ssl_fixture->alpn_lib != nullptr);
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	266	ssl_alpn_lib* alpn_lib = ssl_fixture->alpn_lib;
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	267	if (!ssl_fixture->force_client_auth) {
				268	GPR_ASSERT(peer->property_count ==
Ruslan Nigmatullin	7ae3733	2018-02-21 16:44:35 -0800	[diff] [blame]	269	(alpn_lib->alpn_mode == ALPN_CLIENT_SERVER_OK ? 2 : 1));
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	270	} else {
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	271	const tsi_peer_property* property =
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	272	check_basic_authenticated_peer_and_get_common_name(peer);
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	273	const char* expected_match = "testclient";
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	274	GPR_ASSERT(memcmp(property->value.data, expected_match,
				275	property->value.length) == 0);
				276	}
				277	tsi_peer_destruct(peer);
				278	}
				279
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	280	static void ssl_test_check_handshaker_peers(tsi_test_fixture* fixture) {
Noah Eisen	4d20a66	2018-02-09 09:34:04 -0800	[diff] [blame]	281	ssl_tsi_test_fixture* ssl_fixture =
				282	reinterpret_cast<ssl_tsi_test_fixture*>(fixture);
Craig Tiller	4ac2b8e	2017-11-10 14:14:17 -0800	[diff] [blame]	283	GPR_ASSERT(ssl_fixture != nullptr);
				284	GPR_ASSERT(ssl_fixture->key_cert_lib != nullptr);
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	285	ssl_key_cert_lib* key_cert_lib = ssl_fixture->key_cert_lib;
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	286	tsi_peer peer;
				287	bool expect_success =
				288	!(key_cert_lib->use_bad_server_cert \|\|
				289	(key_cert_lib->use_bad_client_cert && ssl_fixture->force_client_auth));
				290	if (expect_success) {
				291	GPR_ASSERT(tsi_handshaker_result_extract_peer(
				292	ssl_fixture->base.client_result, &peer) == TSI_OK);
Ruslan Nigmatullin	7ae3733	2018-02-21 16:44:35 -0800	[diff] [blame]	293	check_session_reusage(ssl_fixture, &peer);
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	294	check_alpn(ssl_fixture, &peer);
Craig Tiller	4ac2b8e	2017-11-10 14:14:17 -0800	[diff] [blame]	295	if (ssl_fixture->server_name_indication != nullptr) {
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	296	check_server1_peer(&peer);
				297	} else {
				298	check_server0_peer(&peer);
				299	}
				300	} else {
Craig Tiller	4ac2b8e	2017-11-10 14:14:17 -0800	[diff] [blame]	301	GPR_ASSERT(ssl_fixture->base.client_result == nullptr);
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	302	}
				303	if (expect_success) {
				304	GPR_ASSERT(tsi_handshaker_result_extract_peer(
				305	ssl_fixture->base.server_result, &peer) == TSI_OK);
Ruslan Nigmatullin	7ae3733	2018-02-21 16:44:35 -0800	[diff] [blame]	306	check_session_reusage(ssl_fixture, &peer);
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	307	check_alpn(ssl_fixture, &peer);
				308	check_client_peer(ssl_fixture, &peer);
				309	} else {
Craig Tiller	4ac2b8e	2017-11-10 14:14:17 -0800	[diff] [blame]	310	GPR_ASSERT(ssl_fixture->base.server_result == nullptr);
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	311	}
				312	}
				313
				314	static void ssl_test_pem_key_cert_pair_destroy(tsi_ssl_pem_key_cert_pair kp) {
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	315	gpr_free((void*)kp.private_key);
				316	gpr_free((void*)kp.cert_chain);
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	317	}
				318
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	319	static void ssl_test_destruct(tsi_test_fixture* fixture) {
Noah Eisen	4d20a66	2018-02-09 09:34:04 -0800	[diff] [blame]	320	ssl_tsi_test_fixture* ssl_fixture =
				321	reinterpret_cast<ssl_tsi_test_fixture*>(fixture);
Craig Tiller	4ac2b8e	2017-11-10 14:14:17 -0800	[diff] [blame]	322	if (ssl_fixture == nullptr) {
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	323	return;
				324	}
				325	/* Destroy ssl_alpn_lib. */
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	326	ssl_alpn_lib* alpn_lib = ssl_fixture->alpn_lib;
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	327	for (size_t i = 0; i < alpn_lib->num_server_alpn_protocols; i++) {
Ruslan Nigmatullin	7ae3733	2018-02-21 16:44:35 -0800	[diff] [blame]	328	gpr_free(const_cast<char*>(alpn_lib->server_alpn_protocols[i]));
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	329	}
				330	gpr_free(alpn_lib->server_alpn_protocols);
				331	for (size_t i = 0; i < alpn_lib->num_client_alpn_protocols; i++) {
Ruslan Nigmatullin	7ae3733	2018-02-21 16:44:35 -0800	[diff] [blame]	332	gpr_free(const_cast<char*>(alpn_lib->client_alpn_protocols[i]));
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	333	}
				334	gpr_free(alpn_lib->client_alpn_protocols);
				335	gpr_free(alpn_lib);
				336	/* Destroy ssl_key_cert_lib. */
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	337	ssl_key_cert_lib* key_cert_lib = ssl_fixture->key_cert_lib;
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	338	for (size_t i = 0; i < key_cert_lib->server_num_key_cert_pairs; i++) {
				339	ssl_test_pem_key_cert_pair_destroy(
				340	key_cert_lib->server_pem_key_cert_pairs[i]);
				341	}
				342	gpr_free(key_cert_lib->server_pem_key_cert_pairs);
				343	for (size_t i = 0; i < key_cert_lib->bad_server_num_key_cert_pairs; i++) {
				344	ssl_test_pem_key_cert_pair_destroy(
				345	key_cert_lib->bad_server_pem_key_cert_pairs[i]);
				346	}
				347	gpr_free(key_cert_lib->bad_server_pem_key_cert_pairs);
				348	ssl_test_pem_key_cert_pair_destroy(key_cert_lib->client_pem_key_cert_pair);
				349	ssl_test_pem_key_cert_pair_destroy(
				350	key_cert_lib->bad_client_pem_key_cert_pair);
				351	gpr_free(key_cert_lib->root_cert);
jiangtaoli2016	144f555	2018-03-23 11:28:48 -0700	[diff] [blame^]	352	tsi_ssl_root_certs_store_destroy(key_cert_lib->root_store);
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	353	gpr_free(key_cert_lib);
Ruslan Nigmatullin	7ae3733	2018-02-21 16:44:35 -0800	[diff] [blame]	354	if (ssl_fixture->session_cache != nullptr) {
				355	tsi_ssl_session_cache_unref(ssl_fixture->session_cache);
				356	}
Justin Burke	4984135	2017-08-31 17:42:54 -0700	[diff] [blame]	357	/* Unreference others. */
				358	tsi_ssl_server_handshaker_factory_unref(
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	359	ssl_fixture->server_handshaker_factory);
Justin Burke	4984135	2017-08-31 17:42:54 -0700	[diff] [blame]	360	tsi_ssl_client_handshaker_factory_unref(
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	361	ssl_fixture->client_handshaker_factory);
				362	}
				363
				364	static const struct tsi_test_fixture_vtable vtable = {
				365	ssl_test_setup_handshakers, ssl_test_check_handshaker_peers,
				366	ssl_test_destruct};
				367
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	368	static char* load_file(const char* dir_path, const char* file_name) {
Yash Tibrewal	40422d5	2017-11-06 14:39:17 -0800	[diff] [blame]	369	char* file_path = static_cast<char*>(
Yash Tibrewal	34a57d0	2017-10-23 15:33:21 -0700	[diff] [blame]	370	gpr_zalloc(sizeof(char) * (strlen(dir_path) + strlen(file_name) + 1)));
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	371	memcpy(file_path, dir_path, strlen(dir_path));
				372	memcpy(file_path + strlen(dir_path), file_name, strlen(file_name));
				373	grpc_slice slice;
				374	GPR_ASSERT(grpc_load_file(file_path, 1, &slice) == GRPC_ERROR_NONE);
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	375	char* data = grpc_slice_to_c_string(slice);
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	376	grpc_slice_unref(slice);
				377	gpr_free(file_path);
				378	return data;
				379	}
				380
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	381	static tsi_test_fixture* ssl_tsi_test_fixture_create() {
Yash Tibrewal	40422d5	2017-11-06 14:39:17 -0800	[diff] [blame]	382	ssl_tsi_test_fixture* ssl_fixture =
				383	static_cast<ssl_tsi_test_fixture>(gpr_zalloc(sizeof(ssl_fixture)));
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	384	tsi_test_fixture_init(&ssl_fixture->base);
				385	ssl_fixture->base.test_unused_bytes = false;
				386	ssl_fixture->base.vtable = &vtable;
				387	/* Create ssl_key_cert_lib. */
Yash Tibrewal	40422d5	2017-11-06 14:39:17 -0800	[diff] [blame]	388	ssl_key_cert_lib* key_cert_lib =
				389	static_cast<ssl_key_cert_lib>(gpr_zalloc(sizeof(key_cert_lib)));
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	390	key_cert_lib->use_bad_server_cert = false;
				391	key_cert_lib->use_bad_client_cert = false;
jiangtaoli2016	144f555	2018-03-23 11:28:48 -0700	[diff] [blame^]	392	key_cert_lib->use_root_store = false;
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	393	key_cert_lib->server_num_key_cert_pairs =
				394	SSL_TSI_TEST_SERVER_KEY_CERT_PAIRS_NUM;
				395	key_cert_lib->bad_server_num_key_cert_pairs =
				396	SSL_TSI_TEST_BAD_SERVER_KEY_CERT_PAIRS_NUM;
				397	key_cert_lib->server_pem_key_cert_pairs =
Yash Tibrewal	40422d5	2017-11-06 14:39:17 -0800	[diff] [blame]	398	static_cast<tsi_ssl_pem_key_cert_pair*>(
Yash Tibrewal	34a57d0	2017-10-23 15:33:21 -0700	[diff] [blame]	399	gpr_malloc(sizeof(tsi_ssl_pem_key_cert_pair) *
				400	key_cert_lib->server_num_key_cert_pairs));
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	401	key_cert_lib->bad_server_pem_key_cert_pairs =
Yash Tibrewal	40422d5	2017-11-06 14:39:17 -0800	[diff] [blame]	402	static_cast<tsi_ssl_pem_key_cert_pair*>(
Yash Tibrewal	34a57d0	2017-10-23 15:33:21 -0700	[diff] [blame]	403	gpr_malloc(sizeof(tsi_ssl_pem_key_cert_pair) *
				404	key_cert_lib->bad_server_num_key_cert_pairs));
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	405	key_cert_lib->server_pem_key_cert_pairs[0].private_key =
				406	load_file(SSL_TSI_TEST_CREDENTIALS_DIR, "server0.key");
				407	key_cert_lib->server_pem_key_cert_pairs[0].cert_chain =
				408	load_file(SSL_TSI_TEST_CREDENTIALS_DIR, "server0.pem");
				409	key_cert_lib->server_pem_key_cert_pairs[1].private_key =
				410	load_file(SSL_TSI_TEST_CREDENTIALS_DIR, "server1.key");
				411	key_cert_lib->server_pem_key_cert_pairs[1].cert_chain =
				412	load_file(SSL_TSI_TEST_CREDENTIALS_DIR, "server1.pem");
				413	key_cert_lib->bad_server_pem_key_cert_pairs[0].private_key =
				414	load_file(SSL_TSI_TEST_CREDENTIALS_DIR, "badserver.key");
				415	key_cert_lib->bad_server_pem_key_cert_pairs[0].cert_chain =
				416	load_file(SSL_TSI_TEST_CREDENTIALS_DIR, "badserver.pem");
				417	key_cert_lib->client_pem_key_cert_pair.private_key =
				418	load_file(SSL_TSI_TEST_CREDENTIALS_DIR, "client.key");
				419	key_cert_lib->client_pem_key_cert_pair.cert_chain =
				420	load_file(SSL_TSI_TEST_CREDENTIALS_DIR, "client.pem");
				421	key_cert_lib->bad_client_pem_key_cert_pair.private_key =
				422	load_file(SSL_TSI_TEST_CREDENTIALS_DIR, "badclient.key");
				423	key_cert_lib->bad_client_pem_key_cert_pair.cert_chain =
				424	load_file(SSL_TSI_TEST_CREDENTIALS_DIR, "badclient.pem");
				425	key_cert_lib->root_cert = load_file(SSL_TSI_TEST_CREDENTIALS_DIR, "ca.pem");
jiangtaoli2016	144f555	2018-03-23 11:28:48 -0700	[diff] [blame^]	426	key_cert_lib->root_store =
				427	tsi_ssl_root_certs_store_create(key_cert_lib->root_cert);
				428	GPR_ASSERT(key_cert_lib->root_store != nullptr);
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	429	ssl_fixture->key_cert_lib = key_cert_lib;
				430	/* Create ssl_alpn_lib. */
Yash Tibrewal	40422d5	2017-11-06 14:39:17 -0800	[diff] [blame]	431	ssl_alpn_lib* alpn_lib =
				432	static_cast<ssl_alpn_lib>(gpr_zalloc(sizeof(alpn_lib)));
Ruslan Nigmatullin	7ae3733	2018-02-21 16:44:35 -0800	[diff] [blame]	433	alpn_lib->server_alpn_protocols = static_cast<const char**>(
				434	gpr_zalloc(sizeof(char) SSL_TSI_TEST_ALPN_NUM));
				435	alpn_lib->client_alpn_protocols = static_cast<const char**>(
				436	gpr_zalloc(sizeof(char) SSL_TSI_TEST_ALPN_NUM));
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	437	alpn_lib->server_alpn_protocols[0] = gpr_strdup(SSL_TSI_TEST_ALPN1);
				438	alpn_lib->server_alpn_protocols[1] = gpr_strdup(SSL_TSI_TEST_ALPN3);
				439	alpn_lib->client_alpn_protocols[0] = gpr_strdup(SSL_TSI_TEST_ALPN2);
				440	alpn_lib->client_alpn_protocols[1] = gpr_strdup(SSL_TSI_TEST_ALPN3);
				441	alpn_lib->num_server_alpn_protocols = SSL_TSI_TEST_ALPN_NUM;
				442	alpn_lib->num_client_alpn_protocols = SSL_TSI_TEST_ALPN_NUM;
				443	alpn_lib->alpn_mode = NO_ALPN;
				444	ssl_fixture->alpn_lib = alpn_lib;
				445	ssl_fixture->base.vtable = &vtable;
Craig Tiller	4ac2b8e	2017-11-10 14:14:17 -0800	[diff] [blame]	446	ssl_fixture->server_name_indication = nullptr;
Ruslan Nigmatullin	7ae3733	2018-02-21 16:44:35 -0800	[diff] [blame]	447	ssl_fixture->session_reused = false;
				448	ssl_fixture->session_ticket_key = nullptr;
				449	ssl_fixture->session_ticket_key_size = 0;
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	450	ssl_fixture->force_client_auth = false;
				451	return &ssl_fixture->base;
				452	}
				453
				454	void ssl_tsi_test_do_handshake_tiny_handshake_buffer() {
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	455	tsi_test_fixture* fixture = ssl_tsi_test_fixture_create();
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	456	fixture->handshake_buffer_size = TSI_TEST_TINY_HANDSHAKE_BUFFER_SIZE;
				457	tsi_test_do_handshake(fixture);
				458	tsi_test_fixture_destroy(fixture);
				459	}
				460
				461	void ssl_tsi_test_do_handshake_small_handshake_buffer() {
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	462	tsi_test_fixture* fixture = ssl_tsi_test_fixture_create();
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	463	fixture->handshake_buffer_size = TSI_TEST_SMALL_HANDSHAKE_BUFFER_SIZE;
				464	tsi_test_do_handshake(fixture);
				465	tsi_test_fixture_destroy(fixture);
				466	}
				467
				468	void ssl_tsi_test_do_handshake() {
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	469	tsi_test_fixture* fixture = ssl_tsi_test_fixture_create();
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	470	tsi_test_do_handshake(fixture);
				471	tsi_test_fixture_destroy(fixture);
				472	}
				473
jiangtaoli2016	144f555	2018-03-23 11:28:48 -0700	[diff] [blame^]	474	void ssl_tsi_test_do_handshake_with_root_store() {
				475	tsi_test_fixture* fixture = ssl_tsi_test_fixture_create();
				476	ssl_tsi_test_fixture* ssl_fixture =
				477	reinterpret_cast<ssl_tsi_test_fixture*>(fixture);
				478	ssl_fixture->key_cert_lib->use_root_store = true;
				479	tsi_test_do_handshake(fixture);
				480	tsi_test_fixture_destroy(fixture);
				481	}
				482
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	483	void ssl_tsi_test_do_handshake_with_client_authentication() {
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	484	tsi_test_fixture* fixture = ssl_tsi_test_fixture_create();
Noah Eisen	4d20a66	2018-02-09 09:34:04 -0800	[diff] [blame]	485	ssl_tsi_test_fixture* ssl_fixture =
				486	reinterpret_cast<ssl_tsi_test_fixture*>(fixture);
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	487	ssl_fixture->force_client_auth = true;
				488	tsi_test_do_handshake(fixture);
				489	tsi_test_fixture_destroy(fixture);
				490	}
				491
jiangtaoli2016	144f555	2018-03-23 11:28:48 -0700	[diff] [blame^]	492	void ssl_tsi_test_do_handshake_with_client_authentication_and_root_store() {
				493	tsi_test_fixture* fixture = ssl_tsi_test_fixture_create();
				494	ssl_tsi_test_fixture* ssl_fixture =
				495	reinterpret_cast<ssl_tsi_test_fixture*>(fixture);
				496	ssl_fixture->force_client_auth = true;
				497	ssl_fixture->key_cert_lib->use_root_store = true;
				498	tsi_test_do_handshake(fixture);
				499	tsi_test_fixture_destroy(fixture);
				500	}
				501
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	502	void ssl_tsi_test_do_handshake_with_server_name_indication_exact_domain() {
				503	/* server1 cert contains "waterzooi.test.google.be" in SAN. */
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	504	tsi_test_fixture* fixture = ssl_tsi_test_fixture_create();
Noah Eisen	4d20a66	2018-02-09 09:34:04 -0800	[diff] [blame]	505	ssl_tsi_test_fixture* ssl_fixture =
				506	reinterpret_cast<ssl_tsi_test_fixture*>(fixture);
Yash Tibrewal	34a57d0	2017-10-23 15:33:21 -0700	[diff] [blame]	507	ssl_fixture->server_name_indication =
Yash Tibrewal	40422d5	2017-11-06 14:39:17 -0800	[diff] [blame]	508	const_cast<char*>("waterzooi.test.google.be");
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	509	tsi_test_do_handshake(fixture);
				510	tsi_test_fixture_destroy(fixture);
				511	}
				512
				513	void ssl_tsi_test_do_handshake_with_server_name_indication_wild_star_domain() {
				514	/* server1 cert contains ".test.google.fr" in SAN. /
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	515	tsi_test_fixture* fixture = ssl_tsi_test_fixture_create();
Noah Eisen	4d20a66	2018-02-09 09:34:04 -0800	[diff] [blame]	516	ssl_tsi_test_fixture* ssl_fixture =
				517	reinterpret_cast<ssl_tsi_test_fixture*>(fixture);
Yash Tibrewal	34a57d0	2017-10-23 15:33:21 -0700	[diff] [blame]	518	ssl_fixture->server_name_indication =
Yash Tibrewal	40422d5	2017-11-06 14:39:17 -0800	[diff] [blame]	519	const_cast<char*>("juju.test.google.fr");
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	520	tsi_test_do_handshake(fixture);
				521	tsi_test_fixture_destroy(fixture);
				522	}
				523
				524	void ssl_tsi_test_do_handshake_with_bad_server_cert() {
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	525	tsi_test_fixture* fixture = ssl_tsi_test_fixture_create();
Noah Eisen	4d20a66	2018-02-09 09:34:04 -0800	[diff] [blame]	526	ssl_tsi_test_fixture* ssl_fixture =
				527	reinterpret_cast<ssl_tsi_test_fixture*>(fixture);
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	528	ssl_fixture->key_cert_lib->use_bad_server_cert = true;
				529	tsi_test_do_handshake(fixture);
				530	tsi_test_fixture_destroy(fixture);
				531	}
				532
				533	void ssl_tsi_test_do_handshake_with_bad_client_cert() {
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	534	tsi_test_fixture* fixture = ssl_tsi_test_fixture_create();
Noah Eisen	4d20a66	2018-02-09 09:34:04 -0800	[diff] [blame]	535	ssl_tsi_test_fixture* ssl_fixture =
				536	reinterpret_cast<ssl_tsi_test_fixture*>(fixture);
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	537	ssl_fixture->key_cert_lib->use_bad_client_cert = true;
				538	ssl_fixture->force_client_auth = true;
				539	tsi_test_do_handshake(fixture);
				540	tsi_test_fixture_destroy(fixture);
				541	}
				542
				543	void ssl_tsi_test_do_handshake_alpn_client_no_server() {
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	544	tsi_test_fixture* fixture = ssl_tsi_test_fixture_create();
Noah Eisen	4d20a66	2018-02-09 09:34:04 -0800	[diff] [blame]	545	ssl_tsi_test_fixture* ssl_fixture =
				546	reinterpret_cast<ssl_tsi_test_fixture*>(fixture);
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	547	ssl_fixture->alpn_lib->alpn_mode = ALPN_CLIENT_NO_SERVER;
				548	tsi_test_do_handshake(fixture);
				549	tsi_test_fixture_destroy(fixture);
				550	}
				551
				552	void ssl_tsi_test_do_handshake_alpn_server_no_client() {
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	553	tsi_test_fixture* fixture = ssl_tsi_test_fixture_create();
Noah Eisen	4d20a66	2018-02-09 09:34:04 -0800	[diff] [blame]	554	ssl_tsi_test_fixture* ssl_fixture =
				555	reinterpret_cast<ssl_tsi_test_fixture*>(fixture);
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	556	ssl_fixture->alpn_lib->alpn_mode = ALPN_SERVER_NO_CLIENT;
				557	tsi_test_do_handshake(fixture);
				558	tsi_test_fixture_destroy(fixture);
				559	}
				560
				561	void ssl_tsi_test_do_handshake_alpn_client_server_mismatch() {
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	562	tsi_test_fixture* fixture = ssl_tsi_test_fixture_create();
Noah Eisen	4d20a66	2018-02-09 09:34:04 -0800	[diff] [blame]	563	ssl_tsi_test_fixture* ssl_fixture =
				564	reinterpret_cast<ssl_tsi_test_fixture*>(fixture);
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	565	ssl_fixture->alpn_lib->alpn_mode = ALPN_CLIENT_SERVER_MISMATCH;
				566	tsi_test_do_handshake(fixture);
				567	tsi_test_fixture_destroy(fixture);
				568	}
				569
				570	void ssl_tsi_test_do_handshake_alpn_client_server_ok() {
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	571	tsi_test_fixture* fixture = ssl_tsi_test_fixture_create();
Noah Eisen	4d20a66	2018-02-09 09:34:04 -0800	[diff] [blame]	572	ssl_tsi_test_fixture* ssl_fixture =
				573	reinterpret_cast<ssl_tsi_test_fixture*>(fixture);
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	574	ssl_fixture->alpn_lib->alpn_mode = ALPN_CLIENT_SERVER_OK;
				575	tsi_test_do_handshake(fixture);
				576	tsi_test_fixture_destroy(fixture);
				577	}
				578
				579	void ssl_tsi_test_do_round_trip_for_all_configs() {
Yash Tibrewal	40422d5	2017-11-06 14:39:17 -0800	[diff] [blame]	580	unsigned int* bit_array = static_cast<unsigned int*>(
Yash Tibrewal	34a57d0	2017-10-23 15:33:21 -0700	[diff] [blame]	581	gpr_zalloc(sizeof(unsigned int) * TSI_TEST_NUM_OF_ARGUMENTS));
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	582	const unsigned int mask = 1U << (TSI_TEST_NUM_OF_ARGUMENTS - 1);
				583	for (unsigned int val = 0; val < TSI_TEST_NUM_OF_COMBINATIONS; val++) {
				584	unsigned int v = val;
				585	for (unsigned int ind = 0; ind < TSI_TEST_NUM_OF_ARGUMENTS; ind++) {
				586	bit_array[ind] = (v & mask) ? 1 : 0;
				587	v <<= 1;
				588	}
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	589	tsi_test_fixture* fixture = ssl_tsi_test_fixture_create();
Noah Eisen	4d20a66	2018-02-09 09:34:04 -0800	[diff] [blame]	590	ssl_tsi_test_fixture* ssl_fixture =
				591	reinterpret_cast<ssl_tsi_test_fixture*>(fixture);
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	592	tsi_test_frame_protector_config_destroy(ssl_fixture->base.config);
				593	ssl_fixture->base.config = tsi_test_frame_protector_config_create(
				594	bit_array[0], bit_array[1], bit_array[2], bit_array[3], bit_array[4],
Yihua Zhang	04fb58e	2018-03-08 06:49:24 -0800	[diff] [blame]	595	bit_array[5], bit_array[6]);
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	596	tsi_test_do_round_trip(&ssl_fixture->base);
				597	tsi_test_fixture_destroy(fixture);
				598	}
				599	gpr_free(bit_array);
				600	}
				601
				602	void ssl_tsi_test_do_round_trip_odd_buffer_size() {
				603	const size_t odd_sizes[] = {1025, 2051, 4103, 8207, 16409};
				604	const size_t size = sizeof(odd_sizes) / sizeof(size_t);
				605	for (size_t ind1 = 0; ind1 < size; ind1++) {
				606	for (size_t ind2 = 0; ind2 < size; ind2++) {
				607	for (size_t ind3 = 0; ind3 < size; ind3++) {
				608	for (size_t ind4 = 0; ind4 < size; ind4++) {
				609	for (size_t ind5 = 0; ind5 < size; ind5++) {
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	610	tsi_test_fixture* fixture = ssl_tsi_test_fixture_create();
Noah Eisen	4d20a66	2018-02-09 09:34:04 -0800	[diff] [blame]	611	ssl_tsi_test_fixture* ssl_fixture =
				612	reinterpret_cast<ssl_tsi_test_fixture*>(fixture);
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	613	tsi_test_frame_protector_config_set_buffer_size(
				614	ssl_fixture->base.config, odd_sizes[ind1], odd_sizes[ind2],
				615	odd_sizes[ind3], odd_sizes[ind4], odd_sizes[ind5]);
				616	tsi_test_do_round_trip(&ssl_fixture->base);
				617	tsi_test_fixture_destroy(fixture);
				618	}
				619	}
				620	}
				621	}
				622	}
				623	}
				624
Ruslan Nigmatullin	7ae3733	2018-02-21 16:44:35 -0800	[diff] [blame]	625	void ssl_tsi_test_do_handshake_session_cache() {
				626	tsi_ssl_session_cache* session_cache = tsi_ssl_session_cache_create_lru(16);
				627	char session_ticket_key[48];
				628	auto do_handshake = [&session_ticket_key,
				629	&session_cache](bool session_reused) {
				630	tsi_test_fixture* fixture = ssl_tsi_test_fixture_create();
				631	ssl_tsi_test_fixture* ssl_fixture =
				632	reinterpret_cast<ssl_tsi_test_fixture*>(fixture);
				633	ssl_fixture->server_name_indication =
				634	const_cast<char*>("waterzooi.test.google.be");
				635	ssl_fixture->session_ticket_key = session_ticket_key;
				636	ssl_fixture->session_ticket_key_size = 48;
				637	tsi_ssl_session_cache_ref(session_cache);
				638	ssl_fixture->session_cache = session_cache;
				639	ssl_fixture->session_reused = session_reused;
				640	tsi_test_do_round_trip(&ssl_fixture->base);
				641	tsi_test_fixture_destroy(fixture);
				642	};
				643	memset(session_ticket_key, 'a', 48);
				644	do_handshake(false);
				645	do_handshake(true);
				646	do_handshake(true);
				647	// Changing session_ticket_key on server invalidates ticket.
				648	memset(session_ticket_key, 'b', 48);
				649	do_handshake(false);
				650	do_handshake(true);
				651	memset(session_ticket_key, 'c', 48);
				652	do_handshake(false);
				653	do_handshake(true);
				654	tsi_ssl_session_cache_unref(session_cache);
				655	}
				656
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	657	static const tsi_ssl_handshaker_factory_vtable* original_vtable;
Justin Burke	4984135	2017-08-31 17:42:54 -0700	[diff] [blame]	658	static bool handshaker_factory_destructor_called;
				659
				660	static void ssl_tsi_test_handshaker_factory_destructor(
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	661	tsi_ssl_handshaker_factory* factory) {
Craig Tiller	4ac2b8e	2017-11-10 14:14:17 -0800	[diff] [blame]	662	GPR_ASSERT(factory != nullptr);
Justin Burke	4984135	2017-08-31 17:42:54 -0700	[diff] [blame]	663	handshaker_factory_destructor_called = true;
Craig Tiller	4ac2b8e	2017-11-10 14:14:17 -0800	[diff] [blame]	664	if (original_vtable != nullptr && original_vtable->destroy != nullptr) {
Justin Burke	4984135	2017-08-31 17:42:54 -0700	[diff] [blame]	665	original_vtable->destroy(factory);
				666	}
				667	}
				668
				669	static tsi_ssl_handshaker_factory_vtable test_handshaker_factory_vtable = {
				670	ssl_tsi_test_handshaker_factory_destructor};
				671
				672	void test_tsi_ssl_client_handshaker_factory_refcounting() {
				673	int i;
Ruslan Nigmatullin	7ae3733	2018-02-21 16:44:35 -0800	[diff] [blame]	674	char* cert_chain = load_file(SSL_TSI_TEST_CREDENTIALS_DIR, "client.pem");
Justin Burke	4984135	2017-08-31 17:42:54 -0700	[diff] [blame]	675
Ruslan Nigmatullin	7ae3733	2018-02-21 16:44:35 -0800	[diff] [blame]	676	tsi_ssl_client_handshaker_options options;
				677	memset(&options, 0, sizeof(options));
				678	options.pem_root_certs = cert_chain;
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	679	tsi_ssl_client_handshaker_factory* client_handshaker_factory;
Ruslan Nigmatullin	7ae3733	2018-02-21 16:44:35 -0800	[diff] [blame]	680	GPR_ASSERT(tsi_create_ssl_client_handshaker_factory_with_options(
				681	&options, &client_handshaker_factory) == TSI_OK);
Justin Burke	4984135	2017-08-31 17:42:54 -0700	[diff] [blame]	682
				683	handshaker_factory_destructor_called = false;
				684	original_vtable = tsi_ssl_handshaker_factory_swap_vtable(
Noah Eisen	be82e64	2018-02-09 09:16:55 -0800	[diff] [blame]	685	reinterpret_cast<tsi_ssl_handshaker_factory*>(client_handshaker_factory),
Justin Burke	4984135	2017-08-31 17:42:54 -0700	[diff] [blame]	686	&test_handshaker_factory_vtable);
				687
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	688	tsi_handshaker* handshaker[3];
Justin Burke	4984135	2017-08-31 17:42:54 -0700	[diff] [blame]	689
				690	for (i = 0; i < 3; ++i) {
				691	GPR_ASSERT(tsi_ssl_client_handshaker_factory_create_handshaker(
				692	client_handshaker_factory, "google.com", &handshaker[i]) ==
				693	TSI_OK);
				694	}
				695
				696	tsi_handshaker_destroy(handshaker[1]);
				697	GPR_ASSERT(!handshaker_factory_destructor_called);
				698
				699	tsi_handshaker_destroy(handshaker[0]);
				700	GPR_ASSERT(!handshaker_factory_destructor_called);
				701
				702	tsi_ssl_client_handshaker_factory_unref(client_handshaker_factory);
				703	GPR_ASSERT(!handshaker_factory_destructor_called);
				704
				705	tsi_handshaker_destroy(handshaker[2]);
				706	GPR_ASSERT(handshaker_factory_destructor_called);
				707
Ruslan Nigmatullin	7ae3733	2018-02-21 16:44:35 -0800	[diff] [blame]	708	gpr_free(cert_chain);
Justin Burke	4984135	2017-08-31 17:42:54 -0700	[diff] [blame]	709	}
				710
				711	void test_tsi_ssl_server_handshaker_factory_refcounting() {
				712	int i;
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	713	tsi_ssl_server_handshaker_factory* server_handshaker_factory;
				714	tsi_handshaker* handshaker[3];
				715	const char* cert_chain =
Justin Burke	4984135	2017-08-31 17:42:54 -0700	[diff] [blame]	716	load_file(SSL_TSI_TEST_CREDENTIALS_DIR, "server0.pem");
				717	tsi_ssl_pem_key_cert_pair cert_pair;
				718
				719	cert_pair.cert_chain = cert_chain;
				720	cert_pair.private_key =
				721	load_file(SSL_TSI_TEST_CREDENTIALS_DIR, "server0.key");
				722
				723	GPR_ASSERT(tsi_create_ssl_server_handshaker_factory(
Craig Tiller	4ac2b8e	2017-11-10 14:14:17 -0800	[diff] [blame]	724	&cert_pair, 1, cert_chain, 0, nullptr, nullptr, 0,
Justin Burke	4984135	2017-08-31 17:42:54 -0700	[diff] [blame]	725	&server_handshaker_factory) == TSI_OK);
				726
				727	handshaker_factory_destructor_called = false;
				728	original_vtable = tsi_ssl_handshaker_factory_swap_vtable(
Noah Eisen	be82e64	2018-02-09 09:16:55 -0800	[diff] [blame]	729	reinterpret_cast<tsi_ssl_handshaker_factory*>(server_handshaker_factory),
Justin Burke	4984135	2017-08-31 17:42:54 -0700	[diff] [blame]	730	&test_handshaker_factory_vtable);
				731
				732	for (i = 0; i < 3; ++i) {
				733	GPR_ASSERT(tsi_ssl_server_handshaker_factory_create_handshaker(
				734	server_handshaker_factory, &handshaker[i]) == TSI_OK);
				735	}
				736
				737	tsi_handshaker_destroy(handshaker[1]);
				738	GPR_ASSERT(!handshaker_factory_destructor_called);
				739
				740	tsi_handshaker_destroy(handshaker[0]);
				741	GPR_ASSERT(!handshaker_factory_destructor_called);
				742
				743	tsi_ssl_server_handshaker_factory_unref(server_handshaker_factory);
				744	GPR_ASSERT(!handshaker_factory_destructor_called);
				745
				746	tsi_handshaker_destroy(handshaker[2]);
				747	GPR_ASSERT(handshaker_factory_destructor_called);
				748
				749	ssl_test_pem_key_cert_pair_destroy(cert_pair);
				750	}
				751
				752	/* Attempting to create a handshaker factory with invalid parameters should fail
				753	* but not crash. */
				754	void test_tsi_ssl_client_handshaker_factory_bad_params() {
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	755	const char* cert_chain = "This is not a valid PEM file.";
Justin Burke	4984135	2017-08-31 17:42:54 -0700	[diff] [blame]	756
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	757	tsi_ssl_client_handshaker_factory* client_handshaker_factory;
jiangtaoli2016	144f555	2018-03-23 11:28:48 -0700	[diff] [blame^]	758	tsi_ssl_client_handshaker_options options;
				759	memset(&options, 0, sizeof(options));
				760	options.pem_root_certs = cert_chain;
				761	GPR_ASSERT(tsi_create_ssl_client_handshaker_factory_with_options(
				762	&options, &client_handshaker_factory) == TSI_INVALID_ARGUMENT);
Justin Burke	4984135	2017-08-31 17:42:54 -0700	[diff] [blame]	763	tsi_ssl_client_handshaker_factory_unref(client_handshaker_factory);
				764	}
				765
				766	void ssl_tsi_test_handshaker_factory_internals() {
				767	test_tsi_ssl_client_handshaker_factory_refcounting();
				768	test_tsi_ssl_server_handshaker_factory_refcounting();
				769	test_tsi_ssl_client_handshaker_factory_bad_params();
				770	}
				771
Craig Tiller	baa14a9	2017-11-03 09:09:36 -0700	[diff] [blame]	772	int main(int argc, char** argv) {
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	773	grpc_test_init(argc, argv);
				774	grpc_init();
Ruslan Nigmatullin	7ae3733	2018-02-21 16:44:35 -0800	[diff] [blame]	775
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	776	ssl_tsi_test_do_handshake_tiny_handshake_buffer();
				777	ssl_tsi_test_do_handshake_small_handshake_buffer();
				778	ssl_tsi_test_do_handshake();
jiangtaoli2016	144f555	2018-03-23 11:28:48 -0700	[diff] [blame^]	779	ssl_tsi_test_do_handshake_with_root_store();
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	780	ssl_tsi_test_do_handshake_with_client_authentication();
jiangtaoli2016	144f555	2018-03-23 11:28:48 -0700	[diff] [blame^]	781	ssl_tsi_test_do_handshake_with_client_authentication_and_root_store();
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	782	ssl_tsi_test_do_handshake_with_server_name_indication_exact_domain();
				783	ssl_tsi_test_do_handshake_with_server_name_indication_wild_star_domain();
				784	ssl_tsi_test_do_handshake_with_bad_server_cert();
				785	ssl_tsi_test_do_handshake_with_bad_client_cert();
jiangtaoli2016	19eddbe	2018-02-20 11:31:14 -0800	[diff] [blame]	786	#ifdef OPENSSL_IS_BORINGSSL
				787	// BoringSSL and OpenSSL have different behaviors on mismatched ALPN.
				788	ssl_tsi_test_do_handshake_alpn_client_no_server();
				789	ssl_tsi_test_do_handshake_alpn_client_server_mismatch();
				790	#endif
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	791	ssl_tsi_test_do_handshake_alpn_server_no_client();
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	792	ssl_tsi_test_do_handshake_alpn_client_server_ok();
Ruslan Nigmatullin	7ae3733	2018-02-21 16:44:35 -0800	[diff] [blame]	793	ssl_tsi_test_do_handshake_session_cache();
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	794	ssl_tsi_test_do_round_trip_for_all_configs();
				795	ssl_tsi_test_do_round_trip_odd_buffer_size();
Justin Burke	4984135	2017-08-31 17:42:54 -0700	[diff] [blame]	796	ssl_tsi_test_handshaker_factory_internals();
Yihua Zhang	7fab9bf	2017-08-22 12:32:43 -0700	[diff] [blame]	797	grpc_shutdown();
				798	return 0;
				799	}