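// Listing: google.golang.org/grpc@v1.62.1/xds/internal/xdsclient/tlscreds/bundle_test.go

/*
 *
 * Copyright 2023 gRPC authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */

package tlscreds

import (
	"context"
	"crypto/tls"
	"errors"
	"fmt"
	"strings"
	"testing"
	"time"

	"google.golang.org/grpc"
	"google.golang.org/grpc/credentials/tls/certprovider"
	"google.golang.org/grpc/internal/grpctest"
	"google.golang.org/grpc/internal/stubserver"
	"google.golang.org/grpc/internal/testutils/xds/e2e"
	testgrpc "google.golang.org/grpc/interop/grpc_testing"
	testpb "google.golang.org/grpc/interop/grpc_testing"
	"google.golang.org/grpc/testdata"
)

// s is the receiver type whose Test* methods are run as subtests by
// grpctest.RunSubTests.
type s struct {
	grpctest.Tester
}

// Test is the single `go test` entry point for this package's method-style
// tests.
func Test(t *testing.T) {
	grpctest.RunSubTests(t, s{})
}

// failingProvider is a stub certificate provider whose KeyMaterial call always
// fails. The test installs it in place of the real provider to simulate key
// material being unavailable at handshake time.
type failingProvider struct{}

// KeyMaterial never returns key material; it always reports "test error".
func (f failingProvider) KeyMaterial(context.Context) (*certprovider.KeyMaterial, error) {
	return nil, errors.New("test error")
}

// Close is a no-op; the stub holds no resources.
func (f failingProvider) Close() {}

// TestFailingProvider checks that the TLS credentials fail closed: when the
// certificate provider cannot supply key material, the RPC must fail and the
// provider's error must be visible to the caller, rather than the connection
// being established without the expected credentials.
func (s) TestFailingProvider(t *testing.T) {
	// NOTE(review): the original listing issued the RPC with
	// context.Background(). A deadline keeps a regression that leaves the
	// call pending from hanging the whole test binary.
	const rpcTimeout = 10 * time.Second

	// Server credentials are built with tls.RequireAndVerifyClientCert, so the
	// client side of the handshake is expected to present a certificate.
	server := stubserver.StartTestService(t, nil, grpc.Creds(e2e.CreateServerTLSCredentials(t, tls.RequireAndVerifyClientCert)))
	defer server.Stop()

	// All three paths point at fixtures shipped in the repository's testdata
	// directory; they are test-only certificates and keys.
	cfg := fmt.Sprintf(`{
		"ca_certificate_file": "%s",
		"certificate_file": "%s",
		"private_key_file": "%s"
	}`,
		testdata.Path("x509/server_ca_cert.pem"),
		testdata.Path("x509/client1_cert.pem"),
		testdata.Path("x509/client1_key.pem"))
	tlsBundle, stop, err := NewBundle([]byte(cfg))
	if err != nil {
		t.Fatalf("Failed to create TLS bundle: %v", err)
	}
	// stop is invoked immediately rather than deferred: the provider created
	// by NewBundle is replaced below and never used.
	// NOTE(review): presumably stop releases that provider; confirm against
	// NewBundle.
	stop()

	// Force a provider that returns an error, and make sure the client fails
	// the handshake.
	creds, ok := tlsBundle.TransportCredentials().(*reloadingCreds)
	if !ok {
		t.Fatalf("Got %T, expected reloadingCreds", tlsBundle.TransportCredentials())
	}
	creds.provider = &failingProvider{}

	conn, err := grpc.Dial(server.Address, grpc.WithCredentialsBundle(tlsBundle), grpc.WithAuthority("x.test.example.com"))
	if err != nil {
		t.Fatalf("Error dialing: %v", err)
	}
	defer conn.Close()

	ctx, cancel := context.WithTimeout(context.Background(), rpcTimeout)
	defer cancel()

	client := testgrpc.NewTestServiceClient(conn)
	_, err = client.EmptyCall(ctx, &testpb.Empty{})
	// A nil error means the RPC succeeded despite the failing provider, which
	// is exactly the outcome this test guards against. err is printed with %v
	// because %s renders a nil error as "%!s(<nil>)".
	if wantErr := "test error"; err == nil || !strings.Contains(err.Error(), wantErr) {
		t.Errorf("EmptyCall() got err: %v, want err to contain: %s", err, wantErr)
	}
}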