google.golang.org/grpc@v1.72.2/internal/xds/bootstrap/tlscreds/bundle_test.go (about)

     1  /*
     2   *
     3   * Copyright 2023 gRPC authors.
     4   *
     5   * Licensed under the Apache License, Version 2.0 (the "License");
     6   * you may not use this file except in compliance with the License.
     7   * You may obtain a copy of the License at
     8   *
     9   *     http://www.apache.org/licenses/LICENSE-2.0
    10   *
    11   * Unless required by applicable law or agreed to in writing, software
    12   * distributed under the License is distributed on an "AS IS" BASIS,
    13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    14   * See the License for the specific language governing permissions and
    15   * limitations under the License.
    16   *
    17   */
    18  
    19  package tlscreds
    20  
    21  import (
    22  	"context"
    23  	"crypto/tls"
    24  	"errors"
    25  	"fmt"
    26  	"strings"
    27  	"testing"
    28  	"time"
    29  
    30  	"google.golang.org/grpc"
    31  	"google.golang.org/grpc/credentials/tls/certprovider"
    32  	"google.golang.org/grpc/internal/grpctest"
    33  	"google.golang.org/grpc/internal/stubserver"
    34  	"google.golang.org/grpc/internal/testutils"
    35  	"google.golang.org/grpc/testdata"
    36  
    37  	testgrpc "google.golang.org/grpc/interop/grpc_testing"
    38  	testpb "google.golang.org/grpc/interop/grpc_testing"
    39  )
    40  
// defaultTestTimeout is the deadline given to the context of the RPC issued
// by the test in this file.
const defaultTestTimeout time.Duration = 5 * time.Second
    42  
// s is the suite type for this package's tests. It embeds grpctest.Tester and
// its Test* methods are run as subtests by grpctest.RunSubTests.
type s struct {
	grpctest.Tester
}

// Test is the single entry point seen by "go test"; it hands the suite to
// grpctest.RunSubTests.
func Test(t *testing.T) {
	suite := s{}
	grpctest.RunSubTests(t, suite)
}
    50  
// failingProvider is a certificate provider stub whose KeyMaterial call always
// fails. TestFailingProvider installs it to check that the client's handshake
// fails when no key material can be obtained.
type failingProvider struct{}

// KeyMaterial never yields key material; it always returns the fixed
// "test error" error that the test later looks for in the RPC error.
func (failingProvider) KeyMaterial(context.Context) (*certprovider.KeyMaterial, error) {
	err := errors.New("test error")
	return nil, err
}

// Close is a no-op.
func (failingProvider) Close() {}
    58  
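// TestFailingProvider checks that credentials built by NewBundle fail closed:
// when the certificate provider cannot supply key material, the RPC must fail
// with the provider's error instead of succeeding.
func (s) TestFailingProvider(t *testing.T) {
	// The server demands and verifies a client certificate
	// (tls.RequireAndVerifyClientCert), so the client cannot complete the
	// handshake without usable key material.
	server := stubserver.StartTestService(t, nil, grpc.Creds(testutils.CreateServerTLSCredentials(t, tls.RequireAndVerifyClientCert)))
	defer server.Stop()

	// Start from a valid configuration so that bundle creation itself
	// succeeds; the failure is injected afterwards.
	cfg := fmt.Sprintf(`{
               "ca_certificate_file": "%s",
               "certificate_file": "%s",
               "private_key_file": "%s"
       }`,
		testdata.Path("x509/server_ca_cert.pem"),
		testdata.Path("x509/client1_cert.pem"),
		testdata.Path("x509/client1_key.pem"))
	tlsBundle, stop, err := NewBundle([]byte(cfg))
	if err != nil {
		t.Fatalf("Failed to create TLS bundle: %v", err)
	}
	// NOTE(review): stop is invoked immediately; presumably it shuts down the
	// provider NewBundle started, which is swapped out below. Confirm against
	// NewBundle.
	stop()

	// Force a provider that returns an error, and make sure the client fails
	// the handshake.
	creds, ok := tlsBundle.TransportCredentials().(*reloadingCreds)
	if !ok {
		t.Fatalf("Got %T, expected reloadingCreds", tlsBundle.TransportCredentials())
	}
	creds.provider = &failingProvider{}

	// NOTE(review): the authority presumably matches a name in the test server
	// certificate, so that hostname verification is not what fails the
	// handshake. Confirm against the testdata certificates.
	conn, err := grpc.NewClient(server.Address, grpc.WithCredentialsBundle(tlsBundle), grpc.WithAuthority("x.test.example.com"))
	if err != nil {
		t.Fatalf("Error dialing: %v", err)
	}
	defer conn.Close()

	client := testgrpc.NewTestServiceClient(conn)
	ctx, cancel := context.WithTimeout(context.Background(), defaultTestTimeout)
	defer cancel()
	_, err = client.EmptyCall(ctx, &testpb.Empty{})
	// Matching on the provider's own message ties the failure to the missing
	// key material rather than to some unrelated handshake or transport error.
	// err is formatted with %v so that a nil error prints as <nil> instead of
	// %!s(<nil>).
	if wantErr := "test error"; err == nil || !strings.Contains(err.Error(), wantErr) {
		t.Errorf("EmptyCall() got err: %v, want err to contain: %s", err, wantErr)
	}
}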