xds/src/test/java/io/grpc/xds/internal/security/TlsContextManagerTest.java - platform/external/grpc-grpc-java - Git at Google

 /*
  * Copyright 2019 The gRPC Authors
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package io.grpc.xds.internal.security;

 import static com.google.common.truth.Truth.assertThat;
 import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.CA_PEM_FILE;
 import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.CLIENT_KEY_FILE;
 import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.CLIENT_PEM_FILE;
 import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.SERVER_0_KEY_FILE;
 import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.SERVER_0_PEM_FILE;
 import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.SERVER_1_KEY_FILE;
 import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.SERVER_1_PEM_FILE;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;

 import io.grpc.xds.Bootstrapper;
 import io.grpc.xds.CommonBootstrapperTestUtils;
 import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext;
 import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
 import io.grpc.xds.internal.security.ReferenceCountingMap.ValueFactory;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnit;
 import org.mockito.junit.MockitoRule;

 /** Unit tests for {@link TlsContextManagerImpl}. */
 @RunWith(JUnit4.class)
 public class TlsContextManagerTest {

   @Rule public final MockitoRule mockitoRule = MockitoJUnit.rule();

   @Mock ValueFactory<UpstreamTlsContext, SslContextProvider> mockClientFactory;

   @Mock ValueFactory<DownstreamTlsContext, SslContextProvider> mockServerFactory;

   @Test
   public void createServerSslContextProvider() {
     Bootstrapper.BootstrapInfo bootstrapInfoForServer = CommonBootstrapperTestUtils
         .buildBootstrapInfo("google_cloud_private_spiffe-server", SERVER_1_KEY_FILE,
             SERVER_1_PEM_FILE, CA_PEM_FILE, null, null, null, null);
     DownstreamTlsContext downstreamTlsContext =
         CommonTlsContextTestsUtil.buildDownstreamTlsContext(
             "google_cloud_private_spiffe-server", false, false);

     TlsContextManagerImpl tlsContextManagerImpl = new TlsContextManagerImpl(bootstrapInfoForServer);
     SslContextProvider serverSecretProvider =
         tlsContextManagerImpl.findOrCreateServerSslContextProvider(downstreamTlsContext);
     assertThat(serverSecretProvider).isNotNull();

     SslContextProvider serverSecretProvider1 =
         tlsContextManagerImpl.findOrCreateServerSslContextProvider(downstreamTlsContext);
     assertThat(serverSecretProvider1).isSameInstanceAs(serverSecretProvider);
   }

   @Test
   public void createClientSslContextProvider() {
     Bootstrapper.BootstrapInfo bootstrapInfoForClient = CommonBootstrapperTestUtils
         .buildBootstrapInfo("google_cloud_private_spiffe-client", CLIENT_KEY_FILE, CLIENT_PEM_FILE,
             CA_PEM_FILE, null, null, null, null);
     UpstreamTlsContext upstreamTlsContext =
         CommonTlsContextTestsUtil
             .buildUpstreamTlsContext("google_cloud_private_spiffe-client", false);

     TlsContextManagerImpl tlsContextManagerImpl = new TlsContextManagerImpl(bootstrapInfoForClient);
     SslContextProvider clientSecretProvider =
         tlsContextManagerImpl.findOrCreateClientSslContextProvider(upstreamTlsContext);
     assertThat(clientSecretProvider).isNotNull();

     SslContextProvider clientSecretProvider1 =
         tlsContextManagerImpl.findOrCreateClientSslContextProvider(upstreamTlsContext);
     assertThat(clientSecretProvider1).isSameInstanceAs(clientSecretProvider);
   }

   @Test
   public void createServerSslContextProvider_differentInstance() {
     Bootstrapper.BootstrapInfo bootstrapInfoForServer = CommonBootstrapperTestUtils
         .buildBootstrapInfo("google_cloud_private_spiffe-server", SERVER_1_KEY_FILE,
             SERVER_1_PEM_FILE, CA_PEM_FILE, "cert-instance2", SERVER_0_KEY_FILE, SERVER_0_PEM_FILE,
             CA_PEM_FILE);
     DownstreamTlsContext downstreamTlsContext =
         CommonTlsContextTestsUtil.buildDownstreamTlsContext(
             "google_cloud_private_spiffe-server", false, false);

     TlsContextManagerImpl tlsContextManagerImpl = new TlsContextManagerImpl(bootstrapInfoForServer);
     SslContextProvider serverSecretProvider =
         tlsContextManagerImpl.findOrCreateServerSslContextProvider(downstreamTlsContext);
     assertThat(serverSecretProvider).isNotNull();

     DownstreamTlsContext downstreamTlsContext1 =
         CommonTlsContextTestsUtil.buildDownstreamTlsContext(
             "cert-instance2", true, true);

     SslContextProvider serverSecretProvider1 =
         tlsContextManagerImpl.findOrCreateServerSslContextProvider(downstreamTlsContext1);
     assertThat(serverSecretProvider1).isNotNull();
     assertThat(serverSecretProvider1).isNotSameInstanceAs(serverSecretProvider);
   }

   @Test
   public void createClientSslContextProvider_differentInstance() {
     Bootstrapper.BootstrapInfo bootstrapInfoForClient = CommonBootstrapperTestUtils
         .buildBootstrapInfo("google_cloud_private_spiffe-client", CLIENT_KEY_FILE, CLIENT_PEM_FILE,
             CA_PEM_FILE, "cert-instance-2", CLIENT_KEY_FILE, CLIENT_PEM_FILE, CA_PEM_FILE);
     UpstreamTlsContext upstreamTlsContext =
         CommonTlsContextTestsUtil
             .buildUpstreamTlsContext("google_cloud_private_spiffe-client", false);

     TlsContextManagerImpl tlsContextManagerImpl = new TlsContextManagerImpl(bootstrapInfoForClient);
     SslContextProvider clientSecretProvider =
         tlsContextManagerImpl.findOrCreateClientSslContextProvider(upstreamTlsContext);
     assertThat(clientSecretProvider).isNotNull();

     UpstreamTlsContext upstreamTlsContext1 =
         CommonTlsContextTestsUtil.buildUpstreamTlsContext("cert-instance-2", true);

     SslContextProvider clientSecretProvider1 =
         tlsContextManagerImpl.findOrCreateClientSslContextProvider(upstreamTlsContext1);
     assertThat(clientSecretProvider1).isNotSameInstanceAs(clientSecretProvider);
   }

   @Test
   public void createServerSslContextProvider_releaseInstance() {
     DownstreamTlsContext downstreamTlsContext =
         CommonTlsContextTestsUtil.buildDownstreamTlsContext(
             "google_cloud_private_spiffe-server", false, false);

     TlsContextManagerImpl tlsContextManagerImpl =
         new TlsContextManagerImpl(mockClientFactory, mockServerFactory);
     SslContextProvider mockProvider = mock(SslContextProvider.class);
     when(mockServerFactory.create(downstreamTlsContext)).thenReturn(mockProvider);
     SslContextProvider serverSecretProvider =
         tlsContextManagerImpl.findOrCreateServerSslContextProvider(downstreamTlsContext);
     assertThat(serverSecretProvider).isSameInstanceAs(mockProvider);
     verify(mockProvider, never()).close();
     when(mockProvider.getDownstreamTlsContext()).thenReturn(downstreamTlsContext);
     tlsContextManagerImpl.releaseServerSslContextProvider(mockProvider);
     verify(mockProvider, times(1)).close();
   }

   @Test
   public void createClientSslContextProvider_releaseInstance() {
     UpstreamTlsContext upstreamTlsContext =
         CommonTlsContextTestsUtil
             .buildUpstreamTlsContext("google_cloud_private_spiffe-client", true);

     TlsContextManagerImpl tlsContextManagerImpl =
         new TlsContextManagerImpl(mockClientFactory, mockServerFactory);
     SslContextProvider mockProvider = mock(SslContextProvider.class);
     when(mockClientFactory.create(upstreamTlsContext)).thenReturn(mockProvider);
     SslContextProvider clientSecretProvider =
         tlsContextManagerImpl.findOrCreateClientSslContextProvider(upstreamTlsContext);
     assertThat(clientSecretProvider).isSameInstanceAs(mockProvider);
     verify(mockProvider, never()).close();
     when(mockProvider.getUpstreamTlsContext()).thenReturn(upstreamTlsContext);
     tlsContextManagerImpl.releaseClientSslContextProvider(mockProvider);
     verify(mockProvider, times(1)).close();
   }
 }
	/*
	* Copyright 2019 The gRPC Authors
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package io.grpc.xds.internal.security;

	import static com.google.common.truth.Truth.assertThat;
	import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.CA_PEM_FILE;
	import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.CLIENT_KEY_FILE;
	import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.CLIENT_PEM_FILE;
	import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.SERVER_0_KEY_FILE;
	import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.SERVER_0_PEM_FILE;
	import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.SERVER_1_KEY_FILE;
	import static io.grpc.xds.internal.security.CommonTlsContextTestsUtil.SERVER_1_PEM_FILE;
	import static org.mockito.Mockito.mock;
	import static org.mockito.Mockito.never;
	import static org.mockito.Mockito.times;
	import static org.mockito.Mockito.verify;
	import static org.mockito.Mockito.when;

	import io.grpc.xds.Bootstrapper;
	import io.grpc.xds.CommonBootstrapperTestUtils;
	import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext;
	import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
	import io.grpc.xds.internal.security.ReferenceCountingMap.ValueFactory;
	import org.junit.Rule;
	import org.junit.Test;
	import org.junit.runner.RunWith;
	import org.junit.runners.JUnit4;
	import org.mockito.Mock;
	import org.mockito.junit.MockitoJUnit;
	import org.mockito.junit.MockitoRule;

	/** Unit tests for {@link TlsContextManagerImpl}. */
	@RunWith(JUnit4.class)
	public class TlsContextManagerTest {

	@Rule public final MockitoRule mockitoRule = MockitoJUnit.rule();

	@Mock ValueFactory<UpstreamTlsContext, SslContextProvider> mockClientFactory;

	@Mock ValueFactory<DownstreamTlsContext, SslContextProvider> mockServerFactory;

	@Test
	public void createServerSslContextProvider() {
	Bootstrapper.BootstrapInfo bootstrapInfoForServer = CommonBootstrapperTestUtils
	.buildBootstrapInfo("google_cloud_private_spiffe-server", SERVER_1_KEY_FILE,
	SERVER_1_PEM_FILE, CA_PEM_FILE, null, null, null, null);
	DownstreamTlsContext downstreamTlsContext =
	CommonTlsContextTestsUtil.buildDownstreamTlsContext(
	"google_cloud_private_spiffe-server", false, false);

	TlsContextManagerImpl tlsContextManagerImpl = new TlsContextManagerImpl(bootstrapInfoForServer);
	SslContextProvider serverSecretProvider =
	tlsContextManagerImpl.findOrCreateServerSslContextProvider(downstreamTlsContext);
	assertThat(serverSecretProvider).isNotNull();

	SslContextProvider serverSecretProvider1 =
	tlsContextManagerImpl.findOrCreateServerSslContextProvider(downstreamTlsContext);
	assertThat(serverSecretProvider1).isSameInstanceAs(serverSecretProvider);
	}

	@Test
	public void createClientSslContextProvider() {
	Bootstrapper.BootstrapInfo bootstrapInfoForClient = CommonBootstrapperTestUtils
	.buildBootstrapInfo("google_cloud_private_spiffe-client", CLIENT_KEY_FILE, CLIENT_PEM_FILE,
	CA_PEM_FILE, null, null, null, null);
	UpstreamTlsContext upstreamTlsContext =
	CommonTlsContextTestsUtil
	.buildUpstreamTlsContext("google_cloud_private_spiffe-client", false);

	TlsContextManagerImpl tlsContextManagerImpl = new TlsContextManagerImpl(bootstrapInfoForClient);
	SslContextProvider clientSecretProvider =
	tlsContextManagerImpl.findOrCreateClientSslContextProvider(upstreamTlsContext);
	assertThat(clientSecretProvider).isNotNull();

	SslContextProvider clientSecretProvider1 =
	tlsContextManagerImpl.findOrCreateClientSslContextProvider(upstreamTlsContext);
	assertThat(clientSecretProvider1).isSameInstanceAs(clientSecretProvider);
	}

	@Test
	public void createServerSslContextProvider_differentInstance() {
	Bootstrapper.BootstrapInfo bootstrapInfoForServer = CommonBootstrapperTestUtils
	.buildBootstrapInfo("google_cloud_private_spiffe-server", SERVER_1_KEY_FILE,
	SERVER_1_PEM_FILE, CA_PEM_FILE, "cert-instance2", SERVER_0_KEY_FILE, SERVER_0_PEM_FILE,
	CA_PEM_FILE);
	DownstreamTlsContext downstreamTlsContext =
	CommonTlsContextTestsUtil.buildDownstreamTlsContext(
	"google_cloud_private_spiffe-server", false, false);

	TlsContextManagerImpl tlsContextManagerImpl = new TlsContextManagerImpl(bootstrapInfoForServer);
	SslContextProvider serverSecretProvider =
	tlsContextManagerImpl.findOrCreateServerSslContextProvider(downstreamTlsContext);
	assertThat(serverSecretProvider).isNotNull();

	DownstreamTlsContext downstreamTlsContext1 =
	CommonTlsContextTestsUtil.buildDownstreamTlsContext(
	"cert-instance2", true, true);

	SslContextProvider serverSecretProvider1 =
	tlsContextManagerImpl.findOrCreateServerSslContextProvider(downstreamTlsContext1);
	assertThat(serverSecretProvider1).isNotNull();
	assertThat(serverSecretProvider1).isNotSameInstanceAs(serverSecretProvider);
	}

	@Test
	public void createClientSslContextProvider_differentInstance() {
	Bootstrapper.BootstrapInfo bootstrapInfoForClient = CommonBootstrapperTestUtils
	.buildBootstrapInfo("google_cloud_private_spiffe-client", CLIENT_KEY_FILE, CLIENT_PEM_FILE,
	CA_PEM_FILE, "cert-instance-2", CLIENT_KEY_FILE, CLIENT_PEM_FILE, CA_PEM_FILE);
	UpstreamTlsContext upstreamTlsContext =
	CommonTlsContextTestsUtil
	.buildUpstreamTlsContext("google_cloud_private_spiffe-client", false);

	TlsContextManagerImpl tlsContextManagerImpl = new TlsContextManagerImpl(bootstrapInfoForClient);
	SslContextProvider clientSecretProvider =
	tlsContextManagerImpl.findOrCreateClientSslContextProvider(upstreamTlsContext);
	assertThat(clientSecretProvider).isNotNull();

	UpstreamTlsContext upstreamTlsContext1 =
	CommonTlsContextTestsUtil.buildUpstreamTlsContext("cert-instance-2", true);

	SslContextProvider clientSecretProvider1 =
	tlsContextManagerImpl.findOrCreateClientSslContextProvider(upstreamTlsContext1);
	assertThat(clientSecretProvider1).isNotSameInstanceAs(clientSecretProvider);
	}

	@Test
	public void createServerSslContextProvider_releaseInstance() {
	DownstreamTlsContext downstreamTlsContext =
	CommonTlsContextTestsUtil.buildDownstreamTlsContext(
	"google_cloud_private_spiffe-server", false, false);

	TlsContextManagerImpl tlsContextManagerImpl =
	new TlsContextManagerImpl(mockClientFactory, mockServerFactory);
	SslContextProvider mockProvider = mock(SslContextProvider.class);
	when(mockServerFactory.create(downstreamTlsContext)).thenReturn(mockProvider);
	SslContextProvider serverSecretProvider =
	tlsContextManagerImpl.findOrCreateServerSslContextProvider(downstreamTlsContext);
	assertThat(serverSecretProvider).isSameInstanceAs(mockProvider);
	verify(mockProvider, never()).close();
	when(mockProvider.getDownstreamTlsContext()).thenReturn(downstreamTlsContext);
	tlsContextManagerImpl.releaseServerSslContextProvider(mockProvider);
	verify(mockProvider, times(1)).close();
	}

	@Test
	public void createClientSslContextProvider_releaseInstance() {
	UpstreamTlsContext upstreamTlsContext =
	CommonTlsContextTestsUtil
	.buildUpstreamTlsContext("google_cloud_private_spiffe-client", true);

	TlsContextManagerImpl tlsContextManagerImpl =
	new TlsContextManagerImpl(mockClientFactory, mockServerFactory);
	SslContextProvider mockProvider = mock(SslContextProvider.class);
	when(mockClientFactory.create(upstreamTlsContext)).thenReturn(mockProvider);
	SslContextProvider clientSecretProvider =
	tlsContextManagerImpl.findOrCreateClientSslContextProvider(upstreamTlsContext);
	assertThat(clientSecretProvider).isSameInstanceAs(mockProvider);
	verify(mockProvider, never()).close();
	when(mockProvider.getUpstreamTlsContext()).thenReturn(upstreamTlsContext);
	tlsContextManagerImpl.releaseClientSslContextProvider(mockProvider);
	verify(mockProvider, times(1)).close();
	}
	}