Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 1 | /* |
| 2 | * |
| 3 | * Copyright 2017 gRPC authors. |
| 4 | * |
| 5 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 6 | * you may not use this file except in compliance with the License. |
| 7 | * You may obtain a copy of the License at |
| 8 | * |
| 9 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 10 | * |
| 11 | * Unless required by applicable law or agreed to in writing, software |
| 12 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 14 | * See the License for the specific language governing permissions and |
| 15 | * limitations under the License. |
| 16 | * |
| 17 | */ |
| 18 | |
| 19 | #include <stdbool.h> |
| 20 | #include <stdio.h> |
| 21 | #include <string.h> |
| 22 | |
| 23 | #include "src/core/lib/iomgr/load_file.h" |
Yihua Zhang | 75f0a9f | 2018-02-20 10:09:47 -0800 | [diff] [blame] | 24 | #include "src/core/lib/security/security_connector/security_connector.h" |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 25 | #include "src/core/tsi/ssl_transport_security.h" |
Justin Burke | 4984135 | 2017-08-31 17:42:54 -0700 | [diff] [blame] | 26 | #include "src/core/tsi/transport_security.h" |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 27 | #include "src/core/tsi/transport_security_adapter.h" |
Justin Burke | 4984135 | 2017-08-31 17:42:54 -0700 | [diff] [blame] | 28 | #include "src/core/tsi/transport_security_interface.h" |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 29 | #include "test/core/tsi/transport_security_test_lib.h" |
| 30 | #include "test/core/util/test_config.h" |
| 31 | |
| 32 | #include <grpc/grpc.h> |
| 33 | #include <grpc/support/alloc.h> |
| 34 | #include <grpc/support/log.h> |
| 35 | #include <grpc/support/string_util.h> |
| 36 | |
| 37 | #define SSL_TSI_TEST_ALPN1 "foo" |
| 38 | #define SSL_TSI_TEST_ALPN2 "toto" |
| 39 | #define SSL_TSI_TEST_ALPN3 "baz" |
| 40 | #define SSL_TSI_TEST_ALPN_NUM 2 |
| 41 | #define SSL_TSI_TEST_SERVER_KEY_CERT_PAIRS_NUM 2 |
| 42 | #define SSL_TSI_TEST_BAD_SERVER_KEY_CERT_PAIRS_NUM 1 |
| 43 | #define SSL_TSI_TEST_CREDENTIALS_DIR "src/core/tsi/test_creds/" |
| 44 | |
| 45 | typedef enum AlpnMode { |
| 46 | NO_ALPN, |
| 47 | ALPN_CLIENT_NO_SERVER, |
| 48 | ALPN_SERVER_NO_CLIENT, |
| 49 | ALPN_CLIENT_SERVER_OK, |
| 50 | ALPN_CLIENT_SERVER_MISMATCH |
| 51 | } AlpnMode; |
| 52 | |
| 53 | typedef struct ssl_alpn_lib { |
| 54 | AlpnMode alpn_mode; |
Ruslan Nigmatullin | 7ae3733 | 2018-02-21 16:44:35 -0800 | [diff] [blame] | 55 | const char** server_alpn_protocols; |
| 56 | const char** client_alpn_protocols; |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 57 | uint16_t num_server_alpn_protocols; |
| 58 | uint16_t num_client_alpn_protocols; |
| 59 | } ssl_alpn_lib; |
| 60 | |
| 61 | typedef struct ssl_key_cert_lib { |
| 62 | bool use_bad_server_cert; |
| 63 | bool use_bad_client_cert; |
jiangtaoli2016 | 144f555 | 2018-03-23 11:28:48 -0700 | [diff] [blame^] | 64 | bool use_root_store; |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 65 | char* root_cert; |
jiangtaoli2016 | 144f555 | 2018-03-23 11:28:48 -0700 | [diff] [blame^] | 66 | tsi_ssl_root_certs_store* root_store; |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 67 | tsi_ssl_pem_key_cert_pair* server_pem_key_cert_pairs; |
| 68 | tsi_ssl_pem_key_cert_pair* bad_server_pem_key_cert_pairs; |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 69 | tsi_ssl_pem_key_cert_pair client_pem_key_cert_pair; |
| 70 | tsi_ssl_pem_key_cert_pair bad_client_pem_key_cert_pair; |
| 71 | uint16_t server_num_key_cert_pairs; |
| 72 | uint16_t bad_server_num_key_cert_pairs; |
| 73 | } ssl_key_cert_lib; |
| 74 | |
| 75 | typedef struct ssl_tsi_test_fixture { |
| 76 | tsi_test_fixture base; |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 77 | ssl_key_cert_lib* key_cert_lib; |
| 78 | ssl_alpn_lib* alpn_lib; |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 79 | bool force_client_auth; |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 80 | char* server_name_indication; |
Ruslan Nigmatullin | 7ae3733 | 2018-02-21 16:44:35 -0800 | [diff] [blame] | 81 | tsi_ssl_session_cache* session_cache; |
| 82 | bool session_reused; |
| 83 | const char* session_ticket_key; |
| 84 | size_t session_ticket_key_size; |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 85 | tsi_ssl_server_handshaker_factory* server_handshaker_factory; |
| 86 | tsi_ssl_client_handshaker_factory* client_handshaker_factory; |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 87 | } ssl_tsi_test_fixture; |
| 88 | |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 89 | static void ssl_test_setup_handshakers(tsi_test_fixture* fixture) { |
Noah Eisen | 4d20a66 | 2018-02-09 09:34:04 -0800 | [diff] [blame] | 90 | ssl_tsi_test_fixture* ssl_fixture = |
| 91 | reinterpret_cast<ssl_tsi_test_fixture*>(fixture); |
Craig Tiller | 4ac2b8e | 2017-11-10 14:14:17 -0800 | [diff] [blame] | 92 | GPR_ASSERT(ssl_fixture != nullptr); |
| 93 | GPR_ASSERT(ssl_fixture->key_cert_lib != nullptr); |
| 94 | GPR_ASSERT(ssl_fixture->alpn_lib != nullptr); |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 95 | ssl_key_cert_lib* key_cert_lib = ssl_fixture->key_cert_lib; |
| 96 | ssl_alpn_lib* alpn_lib = ssl_fixture->alpn_lib; |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 97 | /* Create client handshaker factory. */ |
Ruslan Nigmatullin | 7ae3733 | 2018-02-21 16:44:35 -0800 | [diff] [blame] | 98 | tsi_ssl_client_handshaker_options client_options; |
| 99 | memset(&client_options, 0, sizeof(client_options)); |
| 100 | client_options.pem_root_certs = key_cert_lib->root_cert; |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 101 | if (ssl_fixture->force_client_auth) { |
Ruslan Nigmatullin | 7ae3733 | 2018-02-21 16:44:35 -0800 | [diff] [blame] | 102 | client_options.pem_key_cert_pair = |
| 103 | key_cert_lib->use_bad_client_cert |
| 104 | ? &key_cert_lib->bad_client_pem_key_cert_pair |
| 105 | : &key_cert_lib->client_pem_key_cert_pair; |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 106 | } |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 107 | if (alpn_lib->alpn_mode == ALPN_CLIENT_NO_SERVER || |
| 108 | alpn_lib->alpn_mode == ALPN_CLIENT_SERVER_OK || |
| 109 | alpn_lib->alpn_mode == ALPN_CLIENT_SERVER_MISMATCH) { |
Ruslan Nigmatullin | 7ae3733 | 2018-02-21 16:44:35 -0800 | [diff] [blame] | 110 | client_options.alpn_protocols = alpn_lib->client_alpn_protocols; |
| 111 | client_options.num_alpn_protocols = alpn_lib->num_client_alpn_protocols; |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 112 | } |
jiangtaoli2016 | 144f555 | 2018-03-23 11:28:48 -0700 | [diff] [blame^] | 113 | client_options.root_store = |
| 114 | key_cert_lib->use_root_store ? key_cert_lib->root_store : nullptr; |
Ruslan Nigmatullin | 7ae3733 | 2018-02-21 16:44:35 -0800 | [diff] [blame] | 115 | if (ssl_fixture->session_cache != nullptr) { |
| 116 | client_options.session_cache = ssl_fixture->session_cache; |
| 117 | } |
| 118 | GPR_ASSERT(tsi_create_ssl_client_handshaker_factory_with_options( |
| 119 | &client_options, &ssl_fixture->client_handshaker_factory) == |
| 120 | TSI_OK); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 121 | /* Create server handshaker factory. */ |
Ruslan Nigmatullin | 7ae3733 | 2018-02-21 16:44:35 -0800 | [diff] [blame] | 122 | tsi_ssl_server_handshaker_options server_options; |
| 123 | memset(&server_options, 0, sizeof(server_options)); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 124 | if (alpn_lib->alpn_mode == ALPN_SERVER_NO_CLIENT || |
| 125 | alpn_lib->alpn_mode == ALPN_CLIENT_SERVER_OK || |
| 126 | alpn_lib->alpn_mode == ALPN_CLIENT_SERVER_MISMATCH) { |
Ruslan Nigmatullin | 7ae3733 | 2018-02-21 16:44:35 -0800 | [diff] [blame] | 127 | server_options.alpn_protocols = alpn_lib->server_alpn_protocols; |
| 128 | server_options.num_alpn_protocols = alpn_lib->num_server_alpn_protocols; |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 129 | if (alpn_lib->alpn_mode == ALPN_CLIENT_SERVER_MISMATCH) { |
Ruslan Nigmatullin | 7ae3733 | 2018-02-21 16:44:35 -0800 | [diff] [blame] | 130 | server_options.num_alpn_protocols--; |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 131 | } |
| 132 | } |
Ruslan Nigmatullin | 7ae3733 | 2018-02-21 16:44:35 -0800 | [diff] [blame] | 133 | server_options.pem_key_cert_pairs = |
| 134 | key_cert_lib->use_bad_server_cert |
| 135 | ? key_cert_lib->bad_server_pem_key_cert_pairs |
| 136 | : key_cert_lib->server_pem_key_cert_pairs; |
| 137 | server_options.num_key_cert_pairs = |
| 138 | key_cert_lib->use_bad_server_cert |
| 139 | ? key_cert_lib->bad_server_num_key_cert_pairs |
| 140 | : key_cert_lib->server_num_key_cert_pairs; |
| 141 | server_options.pem_client_root_certs = key_cert_lib->root_cert; |
| 142 | if (ssl_fixture->force_client_auth) { |
| 143 | server_options.client_certificate_request = |
| 144 | TSI_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY; |
| 145 | } else { |
| 146 | server_options.client_certificate_request = |
| 147 | TSI_DONT_REQUEST_CLIENT_CERTIFICATE; |
| 148 | } |
| 149 | server_options.session_ticket_key = ssl_fixture->session_ticket_key; |
| 150 | server_options.session_ticket_key_size = ssl_fixture->session_ticket_key_size; |
| 151 | GPR_ASSERT(tsi_create_ssl_server_handshaker_factory_with_options( |
| 152 | &server_options, &ssl_fixture->server_handshaker_factory) == |
| 153 | TSI_OK); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 154 | /* Create server and client handshakers. */ |
Craig Tiller | 4ac2b8e | 2017-11-10 14:14:17 -0800 | [diff] [blame] | 155 | tsi_handshaker* client_handshaker = nullptr; |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 156 | GPR_ASSERT(tsi_ssl_client_handshaker_factory_create_handshaker( |
| 157 | ssl_fixture->client_handshaker_factory, |
| 158 | ssl_fixture->server_name_indication, |
| 159 | &client_handshaker) == TSI_OK); |
| 160 | ssl_fixture->base.client_handshaker = |
| 161 | tsi_create_adapter_handshaker(client_handshaker); |
Craig Tiller | 4ac2b8e | 2017-11-10 14:14:17 -0800 | [diff] [blame] | 162 | tsi_handshaker* server_handshaker = nullptr; |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 163 | GPR_ASSERT(tsi_ssl_server_handshaker_factory_create_handshaker( |
| 164 | ssl_fixture->server_handshaker_factory, &server_handshaker) == |
| 165 | TSI_OK); |
| 166 | ssl_fixture->base.server_handshaker = |
| 167 | tsi_create_adapter_handshaker(server_handshaker); |
| 168 | } |
| 169 | |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 170 | static void check_alpn(ssl_tsi_test_fixture* ssl_fixture, |
| 171 | const tsi_peer* peer) { |
Craig Tiller | 4ac2b8e | 2017-11-10 14:14:17 -0800 | [diff] [blame] | 172 | GPR_ASSERT(ssl_fixture != nullptr); |
| 173 | GPR_ASSERT(ssl_fixture->alpn_lib != nullptr); |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 174 | ssl_alpn_lib* alpn_lib = ssl_fixture->alpn_lib; |
| 175 | const tsi_peer_property* alpn_property = |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 176 | tsi_peer_get_property_by_name(peer, TSI_SSL_ALPN_SELECTED_PROTOCOL); |
| 177 | if (alpn_lib->alpn_mode != ALPN_CLIENT_SERVER_OK) { |
Craig Tiller | 4ac2b8e | 2017-11-10 14:14:17 -0800 | [diff] [blame] | 178 | GPR_ASSERT(alpn_property == nullptr); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 179 | } else { |
Craig Tiller | 4ac2b8e | 2017-11-10 14:14:17 -0800 | [diff] [blame] | 180 | GPR_ASSERT(alpn_property != nullptr); |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 181 | const char* expected_match = "baz"; |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 182 | GPR_ASSERT(memcmp(alpn_property->value.data, expected_match, |
| 183 | alpn_property->value.length) == 0); |
| 184 | } |
| 185 | } |
| 186 | |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 187 | static const tsi_peer_property* |
| 188 | check_basic_authenticated_peer_and_get_common_name(const tsi_peer* peer) { |
| 189 | const tsi_peer_property* cert_type_property = |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 190 | tsi_peer_get_property_by_name(peer, TSI_CERTIFICATE_TYPE_PEER_PROPERTY); |
Craig Tiller | 4ac2b8e | 2017-11-10 14:14:17 -0800 | [diff] [blame] | 191 | GPR_ASSERT(cert_type_property != nullptr); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 192 | GPR_ASSERT(memcmp(cert_type_property->value.data, TSI_X509_CERTIFICATE_TYPE, |
| 193 | cert_type_property->value.length) == 0); |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 194 | const tsi_peer_property* property = tsi_peer_get_property_by_name( |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 195 | peer, TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY); |
Craig Tiller | 4ac2b8e | 2017-11-10 14:14:17 -0800 | [diff] [blame] | 196 | GPR_ASSERT(property != nullptr); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 197 | return property; |
| 198 | } |
| 199 | |
Ruslan Nigmatullin | 7ae3733 | 2018-02-21 16:44:35 -0800 | [diff] [blame] | 200 | static void check_session_reusage(ssl_tsi_test_fixture* ssl_fixture, |
| 201 | tsi_peer* peer) { |
| 202 | const tsi_peer_property* session_reused = |
| 203 | tsi_peer_get_property_by_name(peer, TSI_SSL_SESSION_REUSED_PEER_PROPERTY); |
| 204 | GPR_ASSERT(session_reused != nullptr); |
| 205 | if (ssl_fixture->session_reused) { |
| 206 | GPR_ASSERT(strcmp(session_reused->value.data, "true") == 0); |
| 207 | } else { |
| 208 | GPR_ASSERT(strcmp(session_reused->value.data, "false") == 0); |
| 209 | } |
| 210 | } |
| 211 | |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 212 | void check_server0_peer(tsi_peer* peer) { |
| 213 | const tsi_peer_property* property = |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 214 | check_basic_authenticated_peer_and_get_common_name(peer); |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 215 | const char* expected_match = "*.test.google.com.au"; |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 216 | GPR_ASSERT(memcmp(property->value.data, expected_match, |
| 217 | property->value.length) == 0); |
| 218 | GPR_ASSERT(tsi_peer_get_property_by_name( |
| 219 | peer, TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY) == |
Craig Tiller | 4ac2b8e | 2017-11-10 14:14:17 -0800 | [diff] [blame] | 220 | nullptr); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 221 | GPR_ASSERT(tsi_ssl_peer_matches_name(peer, "foo.test.google.com.au") == 1); |
| 222 | GPR_ASSERT(tsi_ssl_peer_matches_name(peer, "bar.test.google.com.au") == 1); |
| 223 | GPR_ASSERT(tsi_ssl_peer_matches_name(peer, "bar.test.google.blah") == 0); |
| 224 | GPR_ASSERT(tsi_ssl_peer_matches_name(peer, "foo.bar.test.google.com.au") == |
| 225 | 0); |
| 226 | GPR_ASSERT(tsi_ssl_peer_matches_name(peer, "test.google.com.au") == 0); |
| 227 | tsi_peer_destruct(peer); |
| 228 | } |
| 229 | |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 230 | static bool check_subject_alt_name(tsi_peer* peer, const char* name) { |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 231 | for (size_t i = 0; i < peer->property_count; i++) { |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 232 | const tsi_peer_property* prop = &peer->properties[i]; |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 233 | if (strcmp(prop->name, TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY) == |
| 234 | 0) { |
| 235 | if (memcmp(prop->value.data, name, prop->value.length) == 0) { |
| 236 | return true; |
| 237 | } |
| 238 | } |
| 239 | } |
| 240 | return false; |
| 241 | } |
| 242 | |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 243 | void check_server1_peer(tsi_peer* peer) { |
| 244 | const tsi_peer_property* property = |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 245 | check_basic_authenticated_peer_and_get_common_name(peer); |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 246 | const char* expected_match = "*.test.google.com"; |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 247 | GPR_ASSERT(memcmp(property->value.data, expected_match, |
| 248 | property->value.length) == 0); |
| 249 | GPR_ASSERT(check_subject_alt_name(peer, "*.test.google.fr") == 1); |
| 250 | GPR_ASSERT(check_subject_alt_name(peer, "waterzooi.test.google.be") == 1); |
| 251 | GPR_ASSERT(tsi_ssl_peer_matches_name(peer, "foo.test.google.fr") == 1); |
| 252 | GPR_ASSERT(tsi_ssl_peer_matches_name(peer, "bar.test.google.fr") == 1); |
| 253 | GPR_ASSERT(tsi_ssl_peer_matches_name(peer, "waterzooi.test.google.be") == 1); |
| 254 | GPR_ASSERT(tsi_ssl_peer_matches_name(peer, "foo.test.youtube.com") == 1); |
| 255 | GPR_ASSERT(tsi_ssl_peer_matches_name(peer, "bar.foo.test.google.com") == 0); |
| 256 | GPR_ASSERT(tsi_ssl_peer_matches_name(peer, "test.google.fr") == 0); |
| 257 | GPR_ASSERT(tsi_ssl_peer_matches_name(peer, "tartines.test.google.be") == 0); |
| 258 | GPR_ASSERT(tsi_ssl_peer_matches_name(peer, "tartines.youtube.com") == 0); |
| 259 | tsi_peer_destruct(peer); |
| 260 | } |
| 261 | |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 262 | static void check_client_peer(ssl_tsi_test_fixture* ssl_fixture, |
| 263 | tsi_peer* peer) { |
Craig Tiller | 4ac2b8e | 2017-11-10 14:14:17 -0800 | [diff] [blame] | 264 | GPR_ASSERT(ssl_fixture != nullptr); |
| 265 | GPR_ASSERT(ssl_fixture->alpn_lib != nullptr); |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 266 | ssl_alpn_lib* alpn_lib = ssl_fixture->alpn_lib; |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 267 | if (!ssl_fixture->force_client_auth) { |
| 268 | GPR_ASSERT(peer->property_count == |
Ruslan Nigmatullin | 7ae3733 | 2018-02-21 16:44:35 -0800 | [diff] [blame] | 269 | (alpn_lib->alpn_mode == ALPN_CLIENT_SERVER_OK ? 2 : 1)); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 270 | } else { |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 271 | const tsi_peer_property* property = |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 272 | check_basic_authenticated_peer_and_get_common_name(peer); |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 273 | const char* expected_match = "testclient"; |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 274 | GPR_ASSERT(memcmp(property->value.data, expected_match, |
| 275 | property->value.length) == 0); |
| 276 | } |
| 277 | tsi_peer_destruct(peer); |
| 278 | } |
| 279 | |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 280 | static void ssl_test_check_handshaker_peers(tsi_test_fixture* fixture) { |
Noah Eisen | 4d20a66 | 2018-02-09 09:34:04 -0800 | [diff] [blame] | 281 | ssl_tsi_test_fixture* ssl_fixture = |
| 282 | reinterpret_cast<ssl_tsi_test_fixture*>(fixture); |
Craig Tiller | 4ac2b8e | 2017-11-10 14:14:17 -0800 | [diff] [blame] | 283 | GPR_ASSERT(ssl_fixture != nullptr); |
| 284 | GPR_ASSERT(ssl_fixture->key_cert_lib != nullptr); |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 285 | ssl_key_cert_lib* key_cert_lib = ssl_fixture->key_cert_lib; |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 286 | tsi_peer peer; |
| 287 | bool expect_success = |
| 288 | !(key_cert_lib->use_bad_server_cert || |
| 289 | (key_cert_lib->use_bad_client_cert && ssl_fixture->force_client_auth)); |
| 290 | if (expect_success) { |
| 291 | GPR_ASSERT(tsi_handshaker_result_extract_peer( |
| 292 | ssl_fixture->base.client_result, &peer) == TSI_OK); |
Ruslan Nigmatullin | 7ae3733 | 2018-02-21 16:44:35 -0800 | [diff] [blame] | 293 | check_session_reusage(ssl_fixture, &peer); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 294 | check_alpn(ssl_fixture, &peer); |
Craig Tiller | 4ac2b8e | 2017-11-10 14:14:17 -0800 | [diff] [blame] | 295 | if (ssl_fixture->server_name_indication != nullptr) { |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 296 | check_server1_peer(&peer); |
| 297 | } else { |
| 298 | check_server0_peer(&peer); |
| 299 | } |
| 300 | } else { |
Craig Tiller | 4ac2b8e | 2017-11-10 14:14:17 -0800 | [diff] [blame] | 301 | GPR_ASSERT(ssl_fixture->base.client_result == nullptr); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 302 | } |
| 303 | if (expect_success) { |
| 304 | GPR_ASSERT(tsi_handshaker_result_extract_peer( |
| 305 | ssl_fixture->base.server_result, &peer) == TSI_OK); |
Ruslan Nigmatullin | 7ae3733 | 2018-02-21 16:44:35 -0800 | [diff] [blame] | 306 | check_session_reusage(ssl_fixture, &peer); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 307 | check_alpn(ssl_fixture, &peer); |
| 308 | check_client_peer(ssl_fixture, &peer); |
| 309 | } else { |
Craig Tiller | 4ac2b8e | 2017-11-10 14:14:17 -0800 | [diff] [blame] | 310 | GPR_ASSERT(ssl_fixture->base.server_result == nullptr); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 311 | } |
| 312 | } |
| 313 | |
| 314 | static void ssl_test_pem_key_cert_pair_destroy(tsi_ssl_pem_key_cert_pair kp) { |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 315 | gpr_free((void*)kp.private_key); |
| 316 | gpr_free((void*)kp.cert_chain); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 317 | } |
| 318 | |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 319 | static void ssl_test_destruct(tsi_test_fixture* fixture) { |
Noah Eisen | 4d20a66 | 2018-02-09 09:34:04 -0800 | [diff] [blame] | 320 | ssl_tsi_test_fixture* ssl_fixture = |
| 321 | reinterpret_cast<ssl_tsi_test_fixture*>(fixture); |
Craig Tiller | 4ac2b8e | 2017-11-10 14:14:17 -0800 | [diff] [blame] | 322 | if (ssl_fixture == nullptr) { |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 323 | return; |
| 324 | } |
| 325 | /* Destroy ssl_alpn_lib. */ |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 326 | ssl_alpn_lib* alpn_lib = ssl_fixture->alpn_lib; |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 327 | for (size_t i = 0; i < alpn_lib->num_server_alpn_protocols; i++) { |
Ruslan Nigmatullin | 7ae3733 | 2018-02-21 16:44:35 -0800 | [diff] [blame] | 328 | gpr_free(const_cast<char*>(alpn_lib->server_alpn_protocols[i])); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 329 | } |
| 330 | gpr_free(alpn_lib->server_alpn_protocols); |
| 331 | for (size_t i = 0; i < alpn_lib->num_client_alpn_protocols; i++) { |
Ruslan Nigmatullin | 7ae3733 | 2018-02-21 16:44:35 -0800 | [diff] [blame] | 332 | gpr_free(const_cast<char*>(alpn_lib->client_alpn_protocols[i])); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 333 | } |
| 334 | gpr_free(alpn_lib->client_alpn_protocols); |
| 335 | gpr_free(alpn_lib); |
| 336 | /* Destroy ssl_key_cert_lib. */ |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 337 | ssl_key_cert_lib* key_cert_lib = ssl_fixture->key_cert_lib; |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 338 | for (size_t i = 0; i < key_cert_lib->server_num_key_cert_pairs; i++) { |
| 339 | ssl_test_pem_key_cert_pair_destroy( |
| 340 | key_cert_lib->server_pem_key_cert_pairs[i]); |
| 341 | } |
| 342 | gpr_free(key_cert_lib->server_pem_key_cert_pairs); |
| 343 | for (size_t i = 0; i < key_cert_lib->bad_server_num_key_cert_pairs; i++) { |
| 344 | ssl_test_pem_key_cert_pair_destroy( |
| 345 | key_cert_lib->bad_server_pem_key_cert_pairs[i]); |
| 346 | } |
| 347 | gpr_free(key_cert_lib->bad_server_pem_key_cert_pairs); |
| 348 | ssl_test_pem_key_cert_pair_destroy(key_cert_lib->client_pem_key_cert_pair); |
| 349 | ssl_test_pem_key_cert_pair_destroy( |
| 350 | key_cert_lib->bad_client_pem_key_cert_pair); |
| 351 | gpr_free(key_cert_lib->root_cert); |
jiangtaoli2016 | 144f555 | 2018-03-23 11:28:48 -0700 | [diff] [blame^] | 352 | tsi_ssl_root_certs_store_destroy(key_cert_lib->root_store); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 353 | gpr_free(key_cert_lib); |
Ruslan Nigmatullin | 7ae3733 | 2018-02-21 16:44:35 -0800 | [diff] [blame] | 354 | if (ssl_fixture->session_cache != nullptr) { |
| 355 | tsi_ssl_session_cache_unref(ssl_fixture->session_cache); |
| 356 | } |
Justin Burke | 4984135 | 2017-08-31 17:42:54 -0700 | [diff] [blame] | 357 | /* Unreference others. */ |
| 358 | tsi_ssl_server_handshaker_factory_unref( |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 359 | ssl_fixture->server_handshaker_factory); |
Justin Burke | 4984135 | 2017-08-31 17:42:54 -0700 | [diff] [blame] | 360 | tsi_ssl_client_handshaker_factory_unref( |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 361 | ssl_fixture->client_handshaker_factory); |
| 362 | } |
| 363 | |
| 364 | static const struct tsi_test_fixture_vtable vtable = { |
| 365 | ssl_test_setup_handshakers, ssl_test_check_handshaker_peers, |
| 366 | ssl_test_destruct}; |
| 367 | |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 368 | static char* load_file(const char* dir_path, const char* file_name) { |
Yash Tibrewal | 40422d5 | 2017-11-06 14:39:17 -0800 | [diff] [blame] | 369 | char* file_path = static_cast<char*>( |
Yash Tibrewal | 34a57d0 | 2017-10-23 15:33:21 -0700 | [diff] [blame] | 370 | gpr_zalloc(sizeof(char) * (strlen(dir_path) + strlen(file_name) + 1))); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 371 | memcpy(file_path, dir_path, strlen(dir_path)); |
| 372 | memcpy(file_path + strlen(dir_path), file_name, strlen(file_name)); |
| 373 | grpc_slice slice; |
| 374 | GPR_ASSERT(grpc_load_file(file_path, 1, &slice) == GRPC_ERROR_NONE); |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 375 | char* data = grpc_slice_to_c_string(slice); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 376 | grpc_slice_unref(slice); |
| 377 | gpr_free(file_path); |
| 378 | return data; |
| 379 | } |
| 380 | |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 381 | static tsi_test_fixture* ssl_tsi_test_fixture_create() { |
Yash Tibrewal | 40422d5 | 2017-11-06 14:39:17 -0800 | [diff] [blame] | 382 | ssl_tsi_test_fixture* ssl_fixture = |
| 383 | static_cast<ssl_tsi_test_fixture*>(gpr_zalloc(sizeof(*ssl_fixture))); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 384 | tsi_test_fixture_init(&ssl_fixture->base); |
| 385 | ssl_fixture->base.test_unused_bytes = false; |
| 386 | ssl_fixture->base.vtable = &vtable; |
| 387 | /* Create ssl_key_cert_lib. */ |
Yash Tibrewal | 40422d5 | 2017-11-06 14:39:17 -0800 | [diff] [blame] | 388 | ssl_key_cert_lib* key_cert_lib = |
| 389 | static_cast<ssl_key_cert_lib*>(gpr_zalloc(sizeof(*key_cert_lib))); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 390 | key_cert_lib->use_bad_server_cert = false; |
| 391 | key_cert_lib->use_bad_client_cert = false; |
jiangtaoli2016 | 144f555 | 2018-03-23 11:28:48 -0700 | [diff] [blame^] | 392 | key_cert_lib->use_root_store = false; |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 393 | key_cert_lib->server_num_key_cert_pairs = |
| 394 | SSL_TSI_TEST_SERVER_KEY_CERT_PAIRS_NUM; |
| 395 | key_cert_lib->bad_server_num_key_cert_pairs = |
| 396 | SSL_TSI_TEST_BAD_SERVER_KEY_CERT_PAIRS_NUM; |
| 397 | key_cert_lib->server_pem_key_cert_pairs = |
Yash Tibrewal | 40422d5 | 2017-11-06 14:39:17 -0800 | [diff] [blame] | 398 | static_cast<tsi_ssl_pem_key_cert_pair*>( |
Yash Tibrewal | 34a57d0 | 2017-10-23 15:33:21 -0700 | [diff] [blame] | 399 | gpr_malloc(sizeof(tsi_ssl_pem_key_cert_pair) * |
| 400 | key_cert_lib->server_num_key_cert_pairs)); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 401 | key_cert_lib->bad_server_pem_key_cert_pairs = |
Yash Tibrewal | 40422d5 | 2017-11-06 14:39:17 -0800 | [diff] [blame] | 402 | static_cast<tsi_ssl_pem_key_cert_pair*>( |
Yash Tibrewal | 34a57d0 | 2017-10-23 15:33:21 -0700 | [diff] [blame] | 403 | gpr_malloc(sizeof(tsi_ssl_pem_key_cert_pair) * |
| 404 | key_cert_lib->bad_server_num_key_cert_pairs)); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 405 | key_cert_lib->server_pem_key_cert_pairs[0].private_key = |
| 406 | load_file(SSL_TSI_TEST_CREDENTIALS_DIR, "server0.key"); |
| 407 | key_cert_lib->server_pem_key_cert_pairs[0].cert_chain = |
| 408 | load_file(SSL_TSI_TEST_CREDENTIALS_DIR, "server0.pem"); |
| 409 | key_cert_lib->server_pem_key_cert_pairs[1].private_key = |
| 410 | load_file(SSL_TSI_TEST_CREDENTIALS_DIR, "server1.key"); |
| 411 | key_cert_lib->server_pem_key_cert_pairs[1].cert_chain = |
| 412 | load_file(SSL_TSI_TEST_CREDENTIALS_DIR, "server1.pem"); |
| 413 | key_cert_lib->bad_server_pem_key_cert_pairs[0].private_key = |
| 414 | load_file(SSL_TSI_TEST_CREDENTIALS_DIR, "badserver.key"); |
| 415 | key_cert_lib->bad_server_pem_key_cert_pairs[0].cert_chain = |
| 416 | load_file(SSL_TSI_TEST_CREDENTIALS_DIR, "badserver.pem"); |
| 417 | key_cert_lib->client_pem_key_cert_pair.private_key = |
| 418 | load_file(SSL_TSI_TEST_CREDENTIALS_DIR, "client.key"); |
| 419 | key_cert_lib->client_pem_key_cert_pair.cert_chain = |
| 420 | load_file(SSL_TSI_TEST_CREDENTIALS_DIR, "client.pem"); |
| 421 | key_cert_lib->bad_client_pem_key_cert_pair.private_key = |
| 422 | load_file(SSL_TSI_TEST_CREDENTIALS_DIR, "badclient.key"); |
| 423 | key_cert_lib->bad_client_pem_key_cert_pair.cert_chain = |
| 424 | load_file(SSL_TSI_TEST_CREDENTIALS_DIR, "badclient.pem"); |
| 425 | key_cert_lib->root_cert = load_file(SSL_TSI_TEST_CREDENTIALS_DIR, "ca.pem"); |
jiangtaoli2016 | 144f555 | 2018-03-23 11:28:48 -0700 | [diff] [blame^] | 426 | key_cert_lib->root_store = |
| 427 | tsi_ssl_root_certs_store_create(key_cert_lib->root_cert); |
| 428 | GPR_ASSERT(key_cert_lib->root_store != nullptr); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 429 | ssl_fixture->key_cert_lib = key_cert_lib; |
| 430 | /* Create ssl_alpn_lib. */ |
Yash Tibrewal | 40422d5 | 2017-11-06 14:39:17 -0800 | [diff] [blame] | 431 | ssl_alpn_lib* alpn_lib = |
| 432 | static_cast<ssl_alpn_lib*>(gpr_zalloc(sizeof(*alpn_lib))); |
Ruslan Nigmatullin | 7ae3733 | 2018-02-21 16:44:35 -0800 | [diff] [blame] | 433 | alpn_lib->server_alpn_protocols = static_cast<const char**>( |
| 434 | gpr_zalloc(sizeof(char*) * SSL_TSI_TEST_ALPN_NUM)); |
| 435 | alpn_lib->client_alpn_protocols = static_cast<const char**>( |
| 436 | gpr_zalloc(sizeof(char*) * SSL_TSI_TEST_ALPN_NUM)); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 437 | alpn_lib->server_alpn_protocols[0] = gpr_strdup(SSL_TSI_TEST_ALPN1); |
| 438 | alpn_lib->server_alpn_protocols[1] = gpr_strdup(SSL_TSI_TEST_ALPN3); |
| 439 | alpn_lib->client_alpn_protocols[0] = gpr_strdup(SSL_TSI_TEST_ALPN2); |
| 440 | alpn_lib->client_alpn_protocols[1] = gpr_strdup(SSL_TSI_TEST_ALPN3); |
| 441 | alpn_lib->num_server_alpn_protocols = SSL_TSI_TEST_ALPN_NUM; |
| 442 | alpn_lib->num_client_alpn_protocols = SSL_TSI_TEST_ALPN_NUM; |
| 443 | alpn_lib->alpn_mode = NO_ALPN; |
| 444 | ssl_fixture->alpn_lib = alpn_lib; |
| 445 | ssl_fixture->base.vtable = &vtable; |
Craig Tiller | 4ac2b8e | 2017-11-10 14:14:17 -0800 | [diff] [blame] | 446 | ssl_fixture->server_name_indication = nullptr; |
Ruslan Nigmatullin | 7ae3733 | 2018-02-21 16:44:35 -0800 | [diff] [blame] | 447 | ssl_fixture->session_reused = false; |
| 448 | ssl_fixture->session_ticket_key = nullptr; |
| 449 | ssl_fixture->session_ticket_key_size = 0; |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 450 | ssl_fixture->force_client_auth = false; |
| 451 | return &ssl_fixture->base; |
| 452 | } |
| 453 | |
| 454 | void ssl_tsi_test_do_handshake_tiny_handshake_buffer() { |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 455 | tsi_test_fixture* fixture = ssl_tsi_test_fixture_create(); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 456 | fixture->handshake_buffer_size = TSI_TEST_TINY_HANDSHAKE_BUFFER_SIZE; |
| 457 | tsi_test_do_handshake(fixture); |
| 458 | tsi_test_fixture_destroy(fixture); |
| 459 | } |
| 460 | |
| 461 | void ssl_tsi_test_do_handshake_small_handshake_buffer() { |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 462 | tsi_test_fixture* fixture = ssl_tsi_test_fixture_create(); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 463 | fixture->handshake_buffer_size = TSI_TEST_SMALL_HANDSHAKE_BUFFER_SIZE; |
| 464 | tsi_test_do_handshake(fixture); |
| 465 | tsi_test_fixture_destroy(fixture); |
| 466 | } |
| 467 | |
| 468 | void ssl_tsi_test_do_handshake() { |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 469 | tsi_test_fixture* fixture = ssl_tsi_test_fixture_create(); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 470 | tsi_test_do_handshake(fixture); |
| 471 | tsi_test_fixture_destroy(fixture); |
| 472 | } |
| 473 | |
jiangtaoli2016 | 144f555 | 2018-03-23 11:28:48 -0700 | [diff] [blame^] | 474 | void ssl_tsi_test_do_handshake_with_root_store() { |
| 475 | tsi_test_fixture* fixture = ssl_tsi_test_fixture_create(); |
| 476 | ssl_tsi_test_fixture* ssl_fixture = |
| 477 | reinterpret_cast<ssl_tsi_test_fixture*>(fixture); |
| 478 | ssl_fixture->key_cert_lib->use_root_store = true; |
| 479 | tsi_test_do_handshake(fixture); |
| 480 | tsi_test_fixture_destroy(fixture); |
| 481 | } |
| 482 | |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 483 | void ssl_tsi_test_do_handshake_with_client_authentication() { |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 484 | tsi_test_fixture* fixture = ssl_tsi_test_fixture_create(); |
Noah Eisen | 4d20a66 | 2018-02-09 09:34:04 -0800 | [diff] [blame] | 485 | ssl_tsi_test_fixture* ssl_fixture = |
| 486 | reinterpret_cast<ssl_tsi_test_fixture*>(fixture); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 487 | ssl_fixture->force_client_auth = true; |
| 488 | tsi_test_do_handshake(fixture); |
| 489 | tsi_test_fixture_destroy(fixture); |
| 490 | } |
| 491 | |
jiangtaoli2016 | 144f555 | 2018-03-23 11:28:48 -0700 | [diff] [blame^] | 492 | void ssl_tsi_test_do_handshake_with_client_authentication_and_root_store() { |
| 493 | tsi_test_fixture* fixture = ssl_tsi_test_fixture_create(); |
| 494 | ssl_tsi_test_fixture* ssl_fixture = |
| 495 | reinterpret_cast<ssl_tsi_test_fixture*>(fixture); |
| 496 | ssl_fixture->force_client_auth = true; |
| 497 | ssl_fixture->key_cert_lib->use_root_store = true; |
| 498 | tsi_test_do_handshake(fixture); |
| 499 | tsi_test_fixture_destroy(fixture); |
| 500 | } |
| 501 | |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 502 | void ssl_tsi_test_do_handshake_with_server_name_indication_exact_domain() { |
| 503 | /* server1 cert contains "waterzooi.test.google.be" in SAN. */ |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 504 | tsi_test_fixture* fixture = ssl_tsi_test_fixture_create(); |
Noah Eisen | 4d20a66 | 2018-02-09 09:34:04 -0800 | [diff] [blame] | 505 | ssl_tsi_test_fixture* ssl_fixture = |
| 506 | reinterpret_cast<ssl_tsi_test_fixture*>(fixture); |
Yash Tibrewal | 34a57d0 | 2017-10-23 15:33:21 -0700 | [diff] [blame] | 507 | ssl_fixture->server_name_indication = |
Yash Tibrewal | 40422d5 | 2017-11-06 14:39:17 -0800 | [diff] [blame] | 508 | const_cast<char*>("waterzooi.test.google.be"); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 509 | tsi_test_do_handshake(fixture); |
| 510 | tsi_test_fixture_destroy(fixture); |
| 511 | } |
| 512 | |
| 513 | void ssl_tsi_test_do_handshake_with_server_name_indication_wild_star_domain() { |
| 514 | /* server1 cert contains "*.test.google.fr" in SAN. */ |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 515 | tsi_test_fixture* fixture = ssl_tsi_test_fixture_create(); |
Noah Eisen | 4d20a66 | 2018-02-09 09:34:04 -0800 | [diff] [blame] | 516 | ssl_tsi_test_fixture* ssl_fixture = |
| 517 | reinterpret_cast<ssl_tsi_test_fixture*>(fixture); |
Yash Tibrewal | 34a57d0 | 2017-10-23 15:33:21 -0700 | [diff] [blame] | 518 | ssl_fixture->server_name_indication = |
Yash Tibrewal | 40422d5 | 2017-11-06 14:39:17 -0800 | [diff] [blame] | 519 | const_cast<char*>("juju.test.google.fr"); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 520 | tsi_test_do_handshake(fixture); |
| 521 | tsi_test_fixture_destroy(fixture); |
| 522 | } |
| 523 | |
| 524 | void ssl_tsi_test_do_handshake_with_bad_server_cert() { |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 525 | tsi_test_fixture* fixture = ssl_tsi_test_fixture_create(); |
Noah Eisen | 4d20a66 | 2018-02-09 09:34:04 -0800 | [diff] [blame] | 526 | ssl_tsi_test_fixture* ssl_fixture = |
| 527 | reinterpret_cast<ssl_tsi_test_fixture*>(fixture); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 528 | ssl_fixture->key_cert_lib->use_bad_server_cert = true; |
| 529 | tsi_test_do_handshake(fixture); |
| 530 | tsi_test_fixture_destroy(fixture); |
| 531 | } |
| 532 | |
| 533 | void ssl_tsi_test_do_handshake_with_bad_client_cert() { |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 534 | tsi_test_fixture* fixture = ssl_tsi_test_fixture_create(); |
Noah Eisen | 4d20a66 | 2018-02-09 09:34:04 -0800 | [diff] [blame] | 535 | ssl_tsi_test_fixture* ssl_fixture = |
| 536 | reinterpret_cast<ssl_tsi_test_fixture*>(fixture); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 537 | ssl_fixture->key_cert_lib->use_bad_client_cert = true; |
| 538 | ssl_fixture->force_client_auth = true; |
| 539 | tsi_test_do_handshake(fixture); |
| 540 | tsi_test_fixture_destroy(fixture); |
| 541 | } |
| 542 | |
| 543 | void ssl_tsi_test_do_handshake_alpn_client_no_server() { |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 544 | tsi_test_fixture* fixture = ssl_tsi_test_fixture_create(); |
Noah Eisen | 4d20a66 | 2018-02-09 09:34:04 -0800 | [diff] [blame] | 545 | ssl_tsi_test_fixture* ssl_fixture = |
| 546 | reinterpret_cast<ssl_tsi_test_fixture*>(fixture); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 547 | ssl_fixture->alpn_lib->alpn_mode = ALPN_CLIENT_NO_SERVER; |
| 548 | tsi_test_do_handshake(fixture); |
| 549 | tsi_test_fixture_destroy(fixture); |
| 550 | } |
| 551 | |
| 552 | void ssl_tsi_test_do_handshake_alpn_server_no_client() { |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 553 | tsi_test_fixture* fixture = ssl_tsi_test_fixture_create(); |
Noah Eisen | 4d20a66 | 2018-02-09 09:34:04 -0800 | [diff] [blame] | 554 | ssl_tsi_test_fixture* ssl_fixture = |
| 555 | reinterpret_cast<ssl_tsi_test_fixture*>(fixture); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 556 | ssl_fixture->alpn_lib->alpn_mode = ALPN_SERVER_NO_CLIENT; |
| 557 | tsi_test_do_handshake(fixture); |
| 558 | tsi_test_fixture_destroy(fixture); |
| 559 | } |
| 560 | |
| 561 | void ssl_tsi_test_do_handshake_alpn_client_server_mismatch() { |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 562 | tsi_test_fixture* fixture = ssl_tsi_test_fixture_create(); |
Noah Eisen | 4d20a66 | 2018-02-09 09:34:04 -0800 | [diff] [blame] | 563 | ssl_tsi_test_fixture* ssl_fixture = |
| 564 | reinterpret_cast<ssl_tsi_test_fixture*>(fixture); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 565 | ssl_fixture->alpn_lib->alpn_mode = ALPN_CLIENT_SERVER_MISMATCH; |
| 566 | tsi_test_do_handshake(fixture); |
| 567 | tsi_test_fixture_destroy(fixture); |
| 568 | } |
| 569 | |
| 570 | void ssl_tsi_test_do_handshake_alpn_client_server_ok() { |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 571 | tsi_test_fixture* fixture = ssl_tsi_test_fixture_create(); |
Noah Eisen | 4d20a66 | 2018-02-09 09:34:04 -0800 | [diff] [blame] | 572 | ssl_tsi_test_fixture* ssl_fixture = |
| 573 | reinterpret_cast<ssl_tsi_test_fixture*>(fixture); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 574 | ssl_fixture->alpn_lib->alpn_mode = ALPN_CLIENT_SERVER_OK; |
| 575 | tsi_test_do_handshake(fixture); |
| 576 | tsi_test_fixture_destroy(fixture); |
| 577 | } |
| 578 | |
| 579 | void ssl_tsi_test_do_round_trip_for_all_configs() { |
Yash Tibrewal | 40422d5 | 2017-11-06 14:39:17 -0800 | [diff] [blame] | 580 | unsigned int* bit_array = static_cast<unsigned int*>( |
Yash Tibrewal | 34a57d0 | 2017-10-23 15:33:21 -0700 | [diff] [blame] | 581 | gpr_zalloc(sizeof(unsigned int) * TSI_TEST_NUM_OF_ARGUMENTS)); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 582 | const unsigned int mask = 1U << (TSI_TEST_NUM_OF_ARGUMENTS - 1); |
| 583 | for (unsigned int val = 0; val < TSI_TEST_NUM_OF_COMBINATIONS; val++) { |
| 584 | unsigned int v = val; |
| 585 | for (unsigned int ind = 0; ind < TSI_TEST_NUM_OF_ARGUMENTS; ind++) { |
| 586 | bit_array[ind] = (v & mask) ? 1 : 0; |
| 587 | v <<= 1; |
| 588 | } |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 589 | tsi_test_fixture* fixture = ssl_tsi_test_fixture_create(); |
Noah Eisen | 4d20a66 | 2018-02-09 09:34:04 -0800 | [diff] [blame] | 590 | ssl_tsi_test_fixture* ssl_fixture = |
| 591 | reinterpret_cast<ssl_tsi_test_fixture*>(fixture); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 592 | tsi_test_frame_protector_config_destroy(ssl_fixture->base.config); |
| 593 | ssl_fixture->base.config = tsi_test_frame_protector_config_create( |
| 594 | bit_array[0], bit_array[1], bit_array[2], bit_array[3], bit_array[4], |
Yihua Zhang | 04fb58e | 2018-03-08 06:49:24 -0800 | [diff] [blame] | 595 | bit_array[5], bit_array[6]); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 596 | tsi_test_do_round_trip(&ssl_fixture->base); |
| 597 | tsi_test_fixture_destroy(fixture); |
| 598 | } |
| 599 | gpr_free(bit_array); |
| 600 | } |
| 601 | |
| 602 | void ssl_tsi_test_do_round_trip_odd_buffer_size() { |
| 603 | const size_t odd_sizes[] = {1025, 2051, 4103, 8207, 16409}; |
| 604 | const size_t size = sizeof(odd_sizes) / sizeof(size_t); |
| 605 | for (size_t ind1 = 0; ind1 < size; ind1++) { |
| 606 | for (size_t ind2 = 0; ind2 < size; ind2++) { |
| 607 | for (size_t ind3 = 0; ind3 < size; ind3++) { |
| 608 | for (size_t ind4 = 0; ind4 < size; ind4++) { |
| 609 | for (size_t ind5 = 0; ind5 < size; ind5++) { |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 610 | tsi_test_fixture* fixture = ssl_tsi_test_fixture_create(); |
Noah Eisen | 4d20a66 | 2018-02-09 09:34:04 -0800 | [diff] [blame] | 611 | ssl_tsi_test_fixture* ssl_fixture = |
| 612 | reinterpret_cast<ssl_tsi_test_fixture*>(fixture); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 613 | tsi_test_frame_protector_config_set_buffer_size( |
| 614 | ssl_fixture->base.config, odd_sizes[ind1], odd_sizes[ind2], |
| 615 | odd_sizes[ind3], odd_sizes[ind4], odd_sizes[ind5]); |
| 616 | tsi_test_do_round_trip(&ssl_fixture->base); |
| 617 | tsi_test_fixture_destroy(fixture); |
| 618 | } |
| 619 | } |
| 620 | } |
| 621 | } |
| 622 | } |
| 623 | } |
| 624 | |
Ruslan Nigmatullin | 7ae3733 | 2018-02-21 16:44:35 -0800 | [diff] [blame] | 625 | void ssl_tsi_test_do_handshake_session_cache() { |
| 626 | tsi_ssl_session_cache* session_cache = tsi_ssl_session_cache_create_lru(16); |
| 627 | char session_ticket_key[48]; |
| 628 | auto do_handshake = [&session_ticket_key, |
| 629 | &session_cache](bool session_reused) { |
| 630 | tsi_test_fixture* fixture = ssl_tsi_test_fixture_create(); |
| 631 | ssl_tsi_test_fixture* ssl_fixture = |
| 632 | reinterpret_cast<ssl_tsi_test_fixture*>(fixture); |
| 633 | ssl_fixture->server_name_indication = |
| 634 | const_cast<char*>("waterzooi.test.google.be"); |
| 635 | ssl_fixture->session_ticket_key = session_ticket_key; |
| 636 | ssl_fixture->session_ticket_key_size = 48; |
| 637 | tsi_ssl_session_cache_ref(session_cache); |
| 638 | ssl_fixture->session_cache = session_cache; |
| 639 | ssl_fixture->session_reused = session_reused; |
| 640 | tsi_test_do_round_trip(&ssl_fixture->base); |
| 641 | tsi_test_fixture_destroy(fixture); |
| 642 | }; |
| 643 | memset(session_ticket_key, 'a', 48); |
| 644 | do_handshake(false); |
| 645 | do_handshake(true); |
| 646 | do_handshake(true); |
| 647 | // Changing session_ticket_key on server invalidates ticket. |
| 648 | memset(session_ticket_key, 'b', 48); |
| 649 | do_handshake(false); |
| 650 | do_handshake(true); |
| 651 | memset(session_ticket_key, 'c', 48); |
| 652 | do_handshake(false); |
| 653 | do_handshake(true); |
| 654 | tsi_ssl_session_cache_unref(session_cache); |
| 655 | } |
| 656 | |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 657 | static const tsi_ssl_handshaker_factory_vtable* original_vtable; |
Justin Burke | 4984135 | 2017-08-31 17:42:54 -0700 | [diff] [blame] | 658 | static bool handshaker_factory_destructor_called; |
| 659 | |
| 660 | static void ssl_tsi_test_handshaker_factory_destructor( |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 661 | tsi_ssl_handshaker_factory* factory) { |
Craig Tiller | 4ac2b8e | 2017-11-10 14:14:17 -0800 | [diff] [blame] | 662 | GPR_ASSERT(factory != nullptr); |
Justin Burke | 4984135 | 2017-08-31 17:42:54 -0700 | [diff] [blame] | 663 | handshaker_factory_destructor_called = true; |
Craig Tiller | 4ac2b8e | 2017-11-10 14:14:17 -0800 | [diff] [blame] | 664 | if (original_vtable != nullptr && original_vtable->destroy != nullptr) { |
Justin Burke | 4984135 | 2017-08-31 17:42:54 -0700 | [diff] [blame] | 665 | original_vtable->destroy(factory); |
| 666 | } |
| 667 | } |
| 668 | |
| 669 | static tsi_ssl_handshaker_factory_vtable test_handshaker_factory_vtable = { |
| 670 | ssl_tsi_test_handshaker_factory_destructor}; |
| 671 | |
| 672 | void test_tsi_ssl_client_handshaker_factory_refcounting() { |
| 673 | int i; |
Ruslan Nigmatullin | 7ae3733 | 2018-02-21 16:44:35 -0800 | [diff] [blame] | 674 | char* cert_chain = load_file(SSL_TSI_TEST_CREDENTIALS_DIR, "client.pem"); |
Justin Burke | 4984135 | 2017-08-31 17:42:54 -0700 | [diff] [blame] | 675 | |
Ruslan Nigmatullin | 7ae3733 | 2018-02-21 16:44:35 -0800 | [diff] [blame] | 676 | tsi_ssl_client_handshaker_options options; |
| 677 | memset(&options, 0, sizeof(options)); |
| 678 | options.pem_root_certs = cert_chain; |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 679 | tsi_ssl_client_handshaker_factory* client_handshaker_factory; |
Ruslan Nigmatullin | 7ae3733 | 2018-02-21 16:44:35 -0800 | [diff] [blame] | 680 | GPR_ASSERT(tsi_create_ssl_client_handshaker_factory_with_options( |
| 681 | &options, &client_handshaker_factory) == TSI_OK); |
Justin Burke | 4984135 | 2017-08-31 17:42:54 -0700 | [diff] [blame] | 682 | |
| 683 | handshaker_factory_destructor_called = false; |
| 684 | original_vtable = tsi_ssl_handshaker_factory_swap_vtable( |
Noah Eisen | be82e64 | 2018-02-09 09:16:55 -0800 | [diff] [blame] | 685 | reinterpret_cast<tsi_ssl_handshaker_factory*>(client_handshaker_factory), |
Justin Burke | 4984135 | 2017-08-31 17:42:54 -0700 | [diff] [blame] | 686 | &test_handshaker_factory_vtable); |
| 687 | |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 688 | tsi_handshaker* handshaker[3]; |
Justin Burke | 4984135 | 2017-08-31 17:42:54 -0700 | [diff] [blame] | 689 | |
| 690 | for (i = 0; i < 3; ++i) { |
| 691 | GPR_ASSERT(tsi_ssl_client_handshaker_factory_create_handshaker( |
| 692 | client_handshaker_factory, "google.com", &handshaker[i]) == |
| 693 | TSI_OK); |
| 694 | } |
| 695 | |
| 696 | tsi_handshaker_destroy(handshaker[1]); |
| 697 | GPR_ASSERT(!handshaker_factory_destructor_called); |
| 698 | |
| 699 | tsi_handshaker_destroy(handshaker[0]); |
| 700 | GPR_ASSERT(!handshaker_factory_destructor_called); |
| 701 | |
| 702 | tsi_ssl_client_handshaker_factory_unref(client_handshaker_factory); |
| 703 | GPR_ASSERT(!handshaker_factory_destructor_called); |
| 704 | |
| 705 | tsi_handshaker_destroy(handshaker[2]); |
| 706 | GPR_ASSERT(handshaker_factory_destructor_called); |
| 707 | |
Ruslan Nigmatullin | 7ae3733 | 2018-02-21 16:44:35 -0800 | [diff] [blame] | 708 | gpr_free(cert_chain); |
Justin Burke | 4984135 | 2017-08-31 17:42:54 -0700 | [diff] [blame] | 709 | } |
| 710 | |
| 711 | void test_tsi_ssl_server_handshaker_factory_refcounting() { |
| 712 | int i; |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 713 | tsi_ssl_server_handshaker_factory* server_handshaker_factory; |
| 714 | tsi_handshaker* handshaker[3]; |
| 715 | const char* cert_chain = |
Justin Burke | 4984135 | 2017-08-31 17:42:54 -0700 | [diff] [blame] | 716 | load_file(SSL_TSI_TEST_CREDENTIALS_DIR, "server0.pem"); |
| 717 | tsi_ssl_pem_key_cert_pair cert_pair; |
| 718 | |
| 719 | cert_pair.cert_chain = cert_chain; |
| 720 | cert_pair.private_key = |
| 721 | load_file(SSL_TSI_TEST_CREDENTIALS_DIR, "server0.key"); |
| 722 | |
| 723 | GPR_ASSERT(tsi_create_ssl_server_handshaker_factory( |
Craig Tiller | 4ac2b8e | 2017-11-10 14:14:17 -0800 | [diff] [blame] | 724 | &cert_pair, 1, cert_chain, 0, nullptr, nullptr, 0, |
Justin Burke | 4984135 | 2017-08-31 17:42:54 -0700 | [diff] [blame] | 725 | &server_handshaker_factory) == TSI_OK); |
| 726 | |
| 727 | handshaker_factory_destructor_called = false; |
| 728 | original_vtable = tsi_ssl_handshaker_factory_swap_vtable( |
Noah Eisen | be82e64 | 2018-02-09 09:16:55 -0800 | [diff] [blame] | 729 | reinterpret_cast<tsi_ssl_handshaker_factory*>(server_handshaker_factory), |
Justin Burke | 4984135 | 2017-08-31 17:42:54 -0700 | [diff] [blame] | 730 | &test_handshaker_factory_vtable); |
| 731 | |
| 732 | for (i = 0; i < 3; ++i) { |
| 733 | GPR_ASSERT(tsi_ssl_server_handshaker_factory_create_handshaker( |
| 734 | server_handshaker_factory, &handshaker[i]) == TSI_OK); |
| 735 | } |
| 736 | |
| 737 | tsi_handshaker_destroy(handshaker[1]); |
| 738 | GPR_ASSERT(!handshaker_factory_destructor_called); |
| 739 | |
| 740 | tsi_handshaker_destroy(handshaker[0]); |
| 741 | GPR_ASSERT(!handshaker_factory_destructor_called); |
| 742 | |
| 743 | tsi_ssl_server_handshaker_factory_unref(server_handshaker_factory); |
| 744 | GPR_ASSERT(!handshaker_factory_destructor_called); |
| 745 | |
| 746 | tsi_handshaker_destroy(handshaker[2]); |
| 747 | GPR_ASSERT(handshaker_factory_destructor_called); |
| 748 | |
| 749 | ssl_test_pem_key_cert_pair_destroy(cert_pair); |
| 750 | } |
| 751 | |
| 752 | /* Attempting to create a handshaker factory with invalid parameters should fail |
| 753 | * but not crash. */ |
| 754 | void test_tsi_ssl_client_handshaker_factory_bad_params() { |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 755 | const char* cert_chain = "This is not a valid PEM file."; |
Justin Burke | 4984135 | 2017-08-31 17:42:54 -0700 | [diff] [blame] | 756 | |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 757 | tsi_ssl_client_handshaker_factory* client_handshaker_factory; |
jiangtaoli2016 | 144f555 | 2018-03-23 11:28:48 -0700 | [diff] [blame^] | 758 | tsi_ssl_client_handshaker_options options; |
| 759 | memset(&options, 0, sizeof(options)); |
| 760 | options.pem_root_certs = cert_chain; |
| 761 | GPR_ASSERT(tsi_create_ssl_client_handshaker_factory_with_options( |
| 762 | &options, &client_handshaker_factory) == TSI_INVALID_ARGUMENT); |
Justin Burke | 4984135 | 2017-08-31 17:42:54 -0700 | [diff] [blame] | 763 | tsi_ssl_client_handshaker_factory_unref(client_handshaker_factory); |
| 764 | } |
| 765 | |
| 766 | void ssl_tsi_test_handshaker_factory_internals() { |
| 767 | test_tsi_ssl_client_handshaker_factory_refcounting(); |
| 768 | test_tsi_ssl_server_handshaker_factory_refcounting(); |
| 769 | test_tsi_ssl_client_handshaker_factory_bad_params(); |
| 770 | } |
| 771 | |
Craig Tiller | baa14a9 | 2017-11-03 09:09:36 -0700 | [diff] [blame] | 772 | int main(int argc, char** argv) { |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 773 | grpc_test_init(argc, argv); |
| 774 | grpc_init(); |
Ruslan Nigmatullin | 7ae3733 | 2018-02-21 16:44:35 -0800 | [diff] [blame] | 775 | |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 776 | ssl_tsi_test_do_handshake_tiny_handshake_buffer(); |
| 777 | ssl_tsi_test_do_handshake_small_handshake_buffer(); |
| 778 | ssl_tsi_test_do_handshake(); |
jiangtaoli2016 | 144f555 | 2018-03-23 11:28:48 -0700 | [diff] [blame^] | 779 | ssl_tsi_test_do_handshake_with_root_store(); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 780 | ssl_tsi_test_do_handshake_with_client_authentication(); |
jiangtaoli2016 | 144f555 | 2018-03-23 11:28:48 -0700 | [diff] [blame^] | 781 | ssl_tsi_test_do_handshake_with_client_authentication_and_root_store(); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 782 | ssl_tsi_test_do_handshake_with_server_name_indication_exact_domain(); |
| 783 | ssl_tsi_test_do_handshake_with_server_name_indication_wild_star_domain(); |
| 784 | ssl_tsi_test_do_handshake_with_bad_server_cert(); |
| 785 | ssl_tsi_test_do_handshake_with_bad_client_cert(); |
jiangtaoli2016 | 19eddbe | 2018-02-20 11:31:14 -0800 | [diff] [blame] | 786 | #ifdef OPENSSL_IS_BORINGSSL |
| 787 | // BoringSSL and OpenSSL have different behaviors on mismatched ALPN. |
| 788 | ssl_tsi_test_do_handshake_alpn_client_no_server(); |
| 789 | ssl_tsi_test_do_handshake_alpn_client_server_mismatch(); |
| 790 | #endif |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 791 | ssl_tsi_test_do_handshake_alpn_server_no_client(); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 792 | ssl_tsi_test_do_handshake_alpn_client_server_ok(); |
Ruslan Nigmatullin | 7ae3733 | 2018-02-21 16:44:35 -0800 | [diff] [blame] | 793 | ssl_tsi_test_do_handshake_session_cache(); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 794 | ssl_tsi_test_do_round_trip_for_all_configs(); |
| 795 | ssl_tsi_test_do_round_trip_odd_buffer_size(); |
Justin Burke | 4984135 | 2017-08-31 17:42:54 -0700 | [diff] [blame] | 796 | ssl_tsi_test_handshaker_factory_internals(); |
Yihua Zhang | 7fab9bf | 2017-08-22 12:32:43 -0700 | [diff] [blame] | 797 | grpc_shutdown(); |
| 798 | return 0; |
| 799 | } |