xds/src/test/java/io/grpc/xds/internal/sds/CommonTlsContextTestsUtil.java - platform/external/grpc-grpc-java - Git at Google

 /*
  * Copyright 2020 The gRPC Authors
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package io.grpc.xds.internal.sds;

 import com.google.common.base.Strings;
 import io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext;
 import io.envoyproxy.envoy.api.v2.auth.CommonTlsContext;
 import io.envoyproxy.envoy.api.v2.auth.CommonTlsContext.CombinedCertificateValidationContext;
 import io.envoyproxy.envoy.api.v2.auth.DownstreamTlsContext;
 import io.envoyproxy.envoy.api.v2.auth.SdsSecretConfig;
 import io.envoyproxy.envoy.api.v2.auth.TlsCertificate;
 import io.envoyproxy.envoy.api.v2.core.DataSource;
 import java.util.Arrays;

 /** Utility class for client and server ssl provider tests. */
 public class CommonTlsContextTestsUtil {

   static SdsSecretConfig buildSdsSecretConfig(String name, String targetUri, String channelType) {
     SdsSecretConfig sdsSecretConfig = null;
     if (!Strings.isNullOrEmpty(name) && !Strings.isNullOrEmpty(targetUri)) {
       sdsSecretConfig =
           SdsSecretConfig.newBuilder()
               .setName(name)
               .setSdsConfig(SdsClientTest.buildConfigSource(targetUri, channelType))
               .build();
     }
     return sdsSecretConfig;
   }

   static CommonTlsContext buildCommonTlsContextFromSdsConfigForValidationContext(
       String name, String targetUri, String privateKey, String certChain) {
     SdsSecretConfig sdsSecretConfig =
         buildSdsSecretConfig(name, targetUri, /* channelType= */ null);

     CommonTlsContext.Builder builder =
         CommonTlsContext.newBuilder().setValidationContextSdsSecretConfig(sdsSecretConfig);

     if (!Strings.isNullOrEmpty(privateKey) && !Strings.isNullOrEmpty(certChain)) {
       builder.addTlsCertificates(
           TlsCertificate.newBuilder()
               .setCertificateChain(DataSource.newBuilder().setFilename(certChain))
               .setPrivateKey(DataSource.newBuilder().setFilename(privateKey))
               .build());
     }
     return builder.build();
   }

   static CommonTlsContext buildCommonTlsContextFromSdsConfigForTlsCertificate(
       String name, String targetUri, String trustCa) {

     SdsSecretConfig sdsSecretConfig =
         buildSdsSecretConfig(name, targetUri, /* channelType= */ null);
     CommonTlsContext.Builder builder =
         CommonTlsContext.newBuilder().addTlsCertificateSdsSecretConfigs(sdsSecretConfig);

     if (!Strings.isNullOrEmpty(trustCa)) {
       builder.setValidationContext(
           CertificateValidationContext.newBuilder()
               .setTrustedCa(DataSource.newBuilder().setFilename(trustCa))
               .build());
     }
     return builder.build();
   }

   /** takes additional values and creates CombinedCertificateValidationContext as needed. */
   static CommonTlsContext buildCommonTlsContextWithAdditionalValues(
       String certName,
       String certTargetUri,
       String validationContextName,
       String validationContextTargetUri,
       Iterable<String> verifySubjectAltNames,
       Iterable<String> alpnNames,
       String channelType) {

     CommonTlsContext.Builder builder = CommonTlsContext.newBuilder();

     SdsSecretConfig sdsSecretConfig = buildSdsSecretConfig(certName, certTargetUri, channelType);
     if (sdsSecretConfig != null) {
       builder.addTlsCertificateSdsSecretConfigs(sdsSecretConfig);
     }
     sdsSecretConfig =
         buildSdsSecretConfig(validationContextName, validationContextTargetUri, channelType);
     CertificateValidationContext certValidationContext =
         verifySubjectAltNames == null ? null
             : CertificateValidationContext.newBuilder()
                 .addAllVerifySubjectAltName(verifySubjectAltNames).build();

     if (sdsSecretConfig != null && certValidationContext != null) {
       CombinedCertificateValidationContext.Builder combinedBuilder =
           CombinedCertificateValidationContext.newBuilder()
               .setDefaultValidationContext(certValidationContext)
               .setValidationContextSdsSecretConfig(sdsSecretConfig);
       builder.setCombinedValidationContext(combinedBuilder);
     } else if (sdsSecretConfig != null) {
       builder.setValidationContextSdsSecretConfig(sdsSecretConfig);
     } else if (certValidationContext != null) {
       builder.setValidationContext(certValidationContext);
     }
     if (alpnNames != null) {
       builder.addAllAlpnProtocols(alpnNames);
     }
     return builder.build();
   }

   /**
    * Helper method to build DownstreamTlsContext for multiple test classes.
    */
   static DownstreamTlsContext buildDownstreamTlsContext(CommonTlsContext commonTlsContext) {
     DownstreamTlsContext downstreamTlsContext =
         DownstreamTlsContext.newBuilder().setCommonTlsContext(commonTlsContext).build();
     return downstreamTlsContext;
   }

   /** Helper method for creating DownstreamTlsContext values for tests. */
   public static DownstreamTlsContext buildTestDownstreamTlsContext() {
     return buildDownstreamTlsContext(
         buildCommonTlsContextWithAdditionalValues(
             "google-sds-config-default",
             "unix:/var/run/sds/uds_path",
             "ROOTCA",
             "unix:/var/run/sds/uds_path",
             Arrays.asList("spiffe://grpc-sds-testing.svc.id.goog/ns/default/sa/bob"),
             Arrays.asList("managed-tls"),
             null
         ));
   }
 }
	/*
	* Copyright 2020 The gRPC Authors
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package io.grpc.xds.internal.sds;

	import com.google.common.base.Strings;
	import io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext;
	import io.envoyproxy.envoy.api.v2.auth.CommonTlsContext;
	import io.envoyproxy.envoy.api.v2.auth.CommonTlsContext.CombinedCertificateValidationContext;
	import io.envoyproxy.envoy.api.v2.auth.DownstreamTlsContext;
	import io.envoyproxy.envoy.api.v2.auth.SdsSecretConfig;
	import io.envoyproxy.envoy.api.v2.auth.TlsCertificate;
	import io.envoyproxy.envoy.api.v2.core.DataSource;
	import java.util.Arrays;

	/** Utility class for client and server ssl provider tests. */
	public class CommonTlsContextTestsUtil {

	static SdsSecretConfig buildSdsSecretConfig(String name, String targetUri, String channelType) {
	SdsSecretConfig sdsSecretConfig = null;
	if (!Strings.isNullOrEmpty(name) && !Strings.isNullOrEmpty(targetUri)) {
	sdsSecretConfig =
	SdsSecretConfig.newBuilder()
	.setName(name)
	.setSdsConfig(SdsClientTest.buildConfigSource(targetUri, channelType))
	.build();
	}
	return sdsSecretConfig;
	}

	static CommonTlsContext buildCommonTlsContextFromSdsConfigForValidationContext(
	String name, String targetUri, String privateKey, String certChain) {
	SdsSecretConfig sdsSecretConfig =
	buildSdsSecretConfig(name, targetUri, /* channelType= */ null);

	CommonTlsContext.Builder builder =
	CommonTlsContext.newBuilder().setValidationContextSdsSecretConfig(sdsSecretConfig);

	if (!Strings.isNullOrEmpty(privateKey) && !Strings.isNullOrEmpty(certChain)) {
	builder.addTlsCertificates(
	TlsCertificate.newBuilder()
	.setCertificateChain(DataSource.newBuilder().setFilename(certChain))
	.setPrivateKey(DataSource.newBuilder().setFilename(privateKey))
	.build());
	}
	return builder.build();
	}

	static CommonTlsContext buildCommonTlsContextFromSdsConfigForTlsCertificate(
	String name, String targetUri, String trustCa) {

	SdsSecretConfig sdsSecretConfig =
	buildSdsSecretConfig(name, targetUri, /* channelType= */ null);
	CommonTlsContext.Builder builder =
	CommonTlsContext.newBuilder().addTlsCertificateSdsSecretConfigs(sdsSecretConfig);

	if (!Strings.isNullOrEmpty(trustCa)) {
	builder.setValidationContext(
	CertificateValidationContext.newBuilder()
	.setTrustedCa(DataSource.newBuilder().setFilename(trustCa))
	.build());
	}
	return builder.build();
	}

	/** takes additional values and creates CombinedCertificateValidationContext as needed. */
	static CommonTlsContext buildCommonTlsContextWithAdditionalValues(
	String certName,
	String certTargetUri,
	String validationContextName,
	String validationContextTargetUri,
	Iterable<String> verifySubjectAltNames,
	Iterable<String> alpnNames,
	String channelType) {

	CommonTlsContext.Builder builder = CommonTlsContext.newBuilder();

	SdsSecretConfig sdsSecretConfig = buildSdsSecretConfig(certName, certTargetUri, channelType);
	if (sdsSecretConfig != null) {
	builder.addTlsCertificateSdsSecretConfigs(sdsSecretConfig);
	}
	sdsSecretConfig =
	buildSdsSecretConfig(validationContextName, validationContextTargetUri, channelType);
	CertificateValidationContext certValidationContext =
	verifySubjectAltNames == null ? null
	: CertificateValidationContext.newBuilder()
	.addAllVerifySubjectAltName(verifySubjectAltNames).build();

	if (sdsSecretConfig != null && certValidationContext != null) {
	CombinedCertificateValidationContext.Builder combinedBuilder =
	CombinedCertificateValidationContext.newBuilder()
	.setDefaultValidationContext(certValidationContext)
	.setValidationContextSdsSecretConfig(sdsSecretConfig);
	builder.setCombinedValidationContext(combinedBuilder);
	} else if (sdsSecretConfig != null) {
	builder.setValidationContextSdsSecretConfig(sdsSecretConfig);
	} else if (certValidationContext != null) {
	builder.setValidationContext(certValidationContext);
	}
	if (alpnNames != null) {
	builder.addAllAlpnProtocols(alpnNames);
	}
	return builder.build();
	}

	/**
	* Helper method to build DownstreamTlsContext for multiple test classes.
	*/
	static DownstreamTlsContext buildDownstreamTlsContext(CommonTlsContext commonTlsContext) {
	DownstreamTlsContext downstreamTlsContext =
	DownstreamTlsContext.newBuilder().setCommonTlsContext(commonTlsContext).build();
	return downstreamTlsContext;
	}

	/** Helper method for creating DownstreamTlsContext values for tests. */
	public static DownstreamTlsContext buildTestDownstreamTlsContext() {
	return buildDownstreamTlsContext(
	buildCommonTlsContextWithAdditionalValues(
	"google-sds-config-default",
	"unix:/var/run/sds/uds_path",
	"ROOTCA",
	"unix:/var/run/sds/uds_path",
	Arrays.asList("spiffe://grpc-sds-testing.svc.id.goog/ns/default/sa/bob"),
	Arrays.asList("managed-tls"),
	null
	));
	}
	}