From 90d61178a336e955db5f251e903479f6a4e88ef2 Mon Sep 17 00:00:00 2001 From: ZHANG Dapeng Date: Tue, 22 Dec 2020 22:48:39 -0800 Subject: [PATCH] all: ChannelCredentials.withoutBearerTokens() and LoadBalancer.Helper API change (#7748) API change (See go/grpc-rls-callcreds-to-server): - Add `ChannelCredentials.withoutBearerTokens()` - Add `createResolvingOobChannelBuilder(String, ChannelCredentials)`, `getChannelCredentials()` and `getUnsafeChannelCredentials()` for `LoadBalancer.Helper` This PR does not include the implementation of `createResolvingOobChannelBuilder(String, ChannelCredentials)`. --- .../main/java/io/grpc/ChannelCredentials.java | 12 ++++- .../io/grpc/ChoiceChannelCredentials.java | 26 +++++++--- .../io/grpc/CompositeChannelCredentials.java | 5 ++ .../io/grpc/InsecureChannelCredentials.java | 5 ++ api/src/main/java/io/grpc/LoadBalancer.java | 38 ++++++++++++++ .../java/io/grpc/TlsChannelCredentials.java | 5 ++ .../io/grpc/ChoiceChannelCredentialsTest.java | 51 +++++++++++++++++++ .../grpc/CompositeChannelCredentialsTest.java | 41 +++++++++++++++ .../grpc/InsecureChannelCredentialsTest.java | 33 ++++++++++++ .../io/grpc/ManagedChannelRegistryTest.java | 7 ++- .../io/grpc/TlsChannelCredentialsTest.java | 33 ++++++++++++ .../util/ForwardingLoadBalancerHelper.java | 17 +++++++ .../grpc/netty/NettyChannelCredentials.java | 5 ++ .../netty/NettyChannelCredentialsTest.java | 37 ++++++++++++++ .../grpc/netty/ProtocolNegotiatorsTest.java | 28 ++++++++-- .../SslSocketFactoryChannelCredentials.java | 5 ++ .../grpc/okhttp/OkHttpChannelBuilderTest.java | 28 ++++++++-- ...slSocketFactoryChannelCredentialsTest.java | 37 ++++++++++++++ 18 files changed, 395 insertions(+), 18 deletions(-) create mode 100644 api/src/test/java/io/grpc/ChoiceChannelCredentialsTest.java create mode 100644 api/src/test/java/io/grpc/CompositeChannelCredentialsTest.java create mode 100644 api/src/test/java/io/grpc/InsecureChannelCredentialsTest.java create mode 100644 api/src/test/java/io/grpc/TlsChannelCredentialsTest.java create mode 100644 netty/src/test/java/io/grpc/netty/NettyChannelCredentialsTest.java create mode 100644 okhttp/src/test/java/io/grpc/okhttp/SslSocketFactoryChannelCredentialsTest.java diff --git a/api/src/main/java/io/grpc/ChannelCredentials.java b/api/src/main/java/io/grpc/ChannelCredentials.java index a601fb1867..df02ac438b 100644 --- a/api/src/main/java/io/grpc/ChannelCredentials.java +++ b/api/src/main/java/io/grpc/ChannelCredentials.java @@ -35,4 +35,14 @@ package io.grpc; * {@code ChoiceChannelCredentials}!). */ @ExperimentalApi("https://github.com/grpc/grpc-java/issues/7479") -public abstract class ChannelCredentials {} +public abstract class ChannelCredentials { + /** + * Returns the ChannelCredentials stripped of its CallCredentials. In the future, + * this may strip only some of the CallCredentials, preserving call credentials + * that are safe from replay attacks (e.g., if the token is bound to the + * channel's certificate). + * + * @since 1.35.0 + */ + public abstract ChannelCredentials withoutBearerTokens(); +} diff --git a/api/src/main/java/io/grpc/ChoiceChannelCredentials.java b/api/src/main/java/io/grpc/ChoiceChannelCredentials.java index 2fe00da86e..a32a6b4be9 100644 --- a/api/src/main/java/io/grpc/ChoiceChannelCredentials.java +++ b/api/src/main/java/io/grpc/ChoiceChannelCredentials.java @@ -16,9 +16,10 @@ package io.grpc; +import static java.util.Collections.unmodifiableList; + import java.util.ArrayList; import java.util.Arrays; -import java.util.Collections; import java.util.List; /** @@ -36,22 +37,31 @@ public final class ChoiceChannelCredentials extends ChannelCredentials { if (creds.length == 0) { throw new IllegalArgumentException("At least one credential is required"); } - return new ChoiceChannelCredentials(creds); - } - - private final List creds; - - private ChoiceChannelCredentials(ChannelCredentials... creds) { for (ChannelCredentials cred : creds) { if (cred == null) { throw new NullPointerException(); } } - this.creds = Collections.unmodifiableList(new ArrayList<>(Arrays.asList(creds))); + return new ChoiceChannelCredentials(unmodifiableList(new ArrayList<>(Arrays.asList(creds)))); + } + + private final List creds; + + private ChoiceChannelCredentials(List creds) { + this.creds = creds; } /** Non-empty list of credentials, in preference order. */ public List getCredentialsList() { return creds; } + + @Override + public ChannelCredentials withoutBearerTokens() { + List credsWithoutTokens = new ArrayList<>(); + for (ChannelCredentials cred : creds) { + credsWithoutTokens.add(cred.withoutBearerTokens()); + } + return new ChoiceChannelCredentials(unmodifiableList(credsWithoutTokens)); + } } diff --git a/api/src/main/java/io/grpc/CompositeChannelCredentials.java b/api/src/main/java/io/grpc/CompositeChannelCredentials.java index a3819fccee..6f2324b71a 100644 --- a/api/src/main/java/io/grpc/CompositeChannelCredentials.java +++ b/api/src/main/java/io/grpc/CompositeChannelCredentials.java @@ -46,4 +46,9 @@ public final class CompositeChannelCredentials extends ChannelCredentials { public CallCredentials getCallCredentials() { return callCredentials; } + + @Override + public ChannelCredentials withoutBearerTokens() { + return channelCredentials.withoutBearerTokens(); + } } diff --git a/api/src/main/java/io/grpc/InsecureChannelCredentials.java b/api/src/main/java/io/grpc/InsecureChannelCredentials.java index 9f67b0b249..ec5ff95985 100644 --- a/api/src/main/java/io/grpc/InsecureChannelCredentials.java +++ b/api/src/main/java/io/grpc/InsecureChannelCredentials.java @@ -24,4 +24,9 @@ public final class InsecureChannelCredentials extends ChannelCredentials { } private InsecureChannelCredentials() {} + + @Override + public ChannelCredentials withoutBearerTokens() { + return this; + } } diff --git a/api/src/main/java/io/grpc/LoadBalancer.java b/api/src/main/java/io/grpc/LoadBalancer.java index c609e2a54d..8ae557cb5a 100644 --- a/api/src/main/java/io/grpc/LoadBalancer.java +++ b/api/src/main/java/io/grpc/LoadBalancer.java @@ -1060,6 +1060,24 @@ public abstract class LoadBalancer { throw new UnsupportedOperationException("Not implemented"); } + /** + * Creates an out-of-band channel builder for LoadBalancer's own RPC needs, e.g., talking to an + * external load-balancer service, that is specified by a target string and credentials. See + * the documentation on {@link Grpc#newChannelBuilder} for the format of a target string. + * + *

The target string will be resolved by a {@link NameResolver} created according to the + * target string. + * + *

The LoadBalancer is responsible for closing unused OOB channels, and closing all OOB + * channels within {@link #shutdown}. + * + * @since 1.35.0 + */ + public ManagedChannelBuilder createResolvingOobChannelBuilder( + String target, ChannelCredentials creds) { + throw new UnsupportedOperationException(); + } + /** * Set a new state with a new picker to the channel. * @@ -1157,6 +1175,26 @@ public abstract class LoadBalancer { */ public abstract String getAuthority(); + /** + * Returns the ChannelCredentials used to construct the channel, without bearer tokens. + * + * @since 1.35.0 + */ + public ChannelCredentials getChannelCredentials() { + return getUnsafeChannelCredentials().withoutBearerTokens(); + } + + /** + * Returns the authority string of the channel, which is derived from the DNS-style target name. + * If overridden by a load balancer, {@link #getUnsafeChannelCredentials} must also be + * overridden to call {@link #getChannelCredentials} or provide appropriate credentials. + * + * @since 1.35.0 + */ + public ChannelCredentials getUnsafeChannelCredentials() { + throw new UnsupportedOperationException(); + } + /** * Returns the {@link ChannelLogger} for the Channel served by this LoadBalancer. * diff --git a/api/src/main/java/io/grpc/TlsChannelCredentials.java b/api/src/main/java/io/grpc/TlsChannelCredentials.java index 91f57391cd..b529bf504f 100644 --- a/api/src/main/java/io/grpc/TlsChannelCredentials.java +++ b/api/src/main/java/io/grpc/TlsChannelCredentials.java @@ -81,6 +81,11 @@ public final class TlsChannelCredentials extends ChannelCredentials { } } + @Override + public ChannelCredentials withoutBearerTokens() { + return this; + } + /** * Features to understand TLS configuration. Additional enum values may be added in the future. */ diff --git a/api/src/test/java/io/grpc/ChoiceChannelCredentialsTest.java b/api/src/test/java/io/grpc/ChoiceChannelCredentialsTest.java new file mode 100644 index 0000000000..2b126b5d37 --- /dev/null +++ b/api/src/test/java/io/grpc/ChoiceChannelCredentialsTest.java @@ -0,0 +1,51 @@ +/* + * Copyright 2020 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc; + +import static com.google.common.truth.Truth.assertThat; +import static org.mockito.Mockito.mock; + +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +/** Tests for {@link ChoiceChannelCredentials}. */ +@RunWith(JUnit4.class) +public class ChoiceChannelCredentialsTest { + @Test + public void withoutBearTokenGivesChoiceOfCredsWithoutToken() { + final ChannelCredentials creds1WithoutToken = mock(ChannelCredentials.class); + ChannelCredentials creds1 = new ChannelCredentials() { + @Override + public ChannelCredentials withoutBearerTokens() { + return creds1WithoutToken; + } + }; + final ChannelCredentials creds2WithoutToken = mock(ChannelCredentials.class); + ChannelCredentials creds2 = new ChannelCredentials() { + @Override + public ChannelCredentials withoutBearerTokens() { + return creds2WithoutToken; + } + }; + ChannelCredentials choice = ChoiceChannelCredentials.create(creds1, creds2); + ChannelCredentials choiceWithouToken = choice.withoutBearerTokens(); + assertThat(choiceWithouToken).isInstanceOf(ChoiceChannelCredentials.class); + assertThat(((ChoiceChannelCredentials) choiceWithouToken).getCredentialsList()) + .containsExactly(creds1WithoutToken, creds2WithoutToken); + } +} diff --git a/api/src/test/java/io/grpc/CompositeChannelCredentialsTest.java b/api/src/test/java/io/grpc/CompositeChannelCredentialsTest.java new file mode 100644 index 0000000000..cf9914b2ed --- /dev/null +++ b/api/src/test/java/io/grpc/CompositeChannelCredentialsTest.java @@ -0,0 +1,41 @@ +/* + * Copyright 2020 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc; + +import static com.google.common.truth.Truth.assertThat; +import static org.mockito.Mockito.mock; + +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +/** Tests for {@link CompositeChannelCredentials}. */ +@RunWith(JUnit4.class) +public class CompositeChannelCredentialsTest { + @Test + public void withoutBearTokenGivesCredsWithoutCallCreds() { + ChannelCredentials channelChreds = new ChannelCredentials() { + @Override + public ChannelCredentials withoutBearerTokens() { + return this; + } + }; + CallCredentials callCreds = mock(CallCredentials.class); + ChannelCredentials comp = CompositeChannelCredentials.create(channelChreds, callCreds); + assertThat(comp.withoutBearerTokens()).isEqualTo(channelChreds); + } +} diff --git a/api/src/test/java/io/grpc/InsecureChannelCredentialsTest.java b/api/src/test/java/io/grpc/InsecureChannelCredentialsTest.java new file mode 100644 index 0000000000..8d6504a0be --- /dev/null +++ b/api/src/test/java/io/grpc/InsecureChannelCredentialsTest.java @@ -0,0 +1,33 @@ +/* + * Copyright 2020 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc; + +import static com.google.common.truth.Truth.assertThat; + +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +/** Tests for {@link InsecureChannelCredentials}. */ +@RunWith(JUnit4.class) +public class InsecureChannelCredentialsTest { + @Test + public void withoutBearTokenGivesItself() { + ChannelCredentials insecureCreds = InsecureChannelCredentials.create(); + assertThat(insecureCreds.withoutBearerTokens()).isEqualTo(insecureCreds); + } +} diff --git a/api/src/test/java/io/grpc/ManagedChannelRegistryTest.java b/api/src/test/java/io/grpc/ManagedChannelRegistryTest.java index 9266559c0b..6f25f62057 100644 --- a/api/src/test/java/io/grpc/ManagedChannelRegistryTest.java +++ b/api/src/test/java/io/grpc/ManagedChannelRegistryTest.java @@ -27,7 +27,12 @@ import org.junit.runners.JUnit4; @RunWith(JUnit4.class) public class ManagedChannelRegistryTest { private String target = "testing123"; - private ChannelCredentials creds = new ChannelCredentials() {}; + private ChannelCredentials creds = new ChannelCredentials() { + @Override + public ChannelCredentials withoutBearerTokens() { + throw new UnsupportedOperationException(); + } + }; @Test public void register_unavailableProviderThrows() { diff --git a/api/src/test/java/io/grpc/TlsChannelCredentialsTest.java b/api/src/test/java/io/grpc/TlsChannelCredentialsTest.java new file mode 100644 index 0000000000..78324c4f3a --- /dev/null +++ b/api/src/test/java/io/grpc/TlsChannelCredentialsTest.java @@ -0,0 +1,33 @@ +/* + * Copyright 2020 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc; + +import static com.google.common.truth.Truth.assertThat; + +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +/** Tests for {@link TlsChannelCredentials}. */ +@RunWith(JUnit4.class) +public class TlsChannelCredentialsTest { + @Test + public void withoutBearTokenGivesItself() { + ChannelCredentials tlsCreds = TlsChannelCredentials.create(); + assertThat(tlsCreds.withoutBearerTokens()).isEqualTo(tlsCreds); + } +} diff --git a/core/src/main/java/io/grpc/util/ForwardingLoadBalancerHelper.java b/core/src/main/java/io/grpc/util/ForwardingLoadBalancerHelper.java index 85c5c7b125..11820e20f1 100644 --- a/core/src/main/java/io/grpc/util/ForwardingLoadBalancerHelper.java +++ b/core/src/main/java/io/grpc/util/ForwardingLoadBalancerHelper.java @@ -18,6 +18,7 @@ package io.grpc.util; import com.google.common.base.MoreObjects; import io.grpc.Attributes; +import io.grpc.ChannelCredentials; import io.grpc.ChannelLogger; import io.grpc.ConnectivityState; import io.grpc.EquivalentAddressGroup; @@ -74,6 +75,12 @@ public abstract class ForwardingLoadBalancerHelper extends LoadBalancer.Helper { return delegate().createResolvingOobChannelBuilder(target); } + @Override + public ManagedChannelBuilder createResolvingOobChannelBuilder( + String target, ChannelCredentials creds) { + return delegate().createResolvingOobChannelBuilder(target, creds); + } + @Override public ManagedChannel createResolvingOobChannel(String target) { return delegate().createResolvingOobChannel(target); @@ -107,6 +114,16 @@ public abstract class ForwardingLoadBalancerHelper extends LoadBalancer.Helper { return delegate().getAuthority(); } + @Override + public ChannelCredentials getChannelCredentials() { + return delegate().getChannelCredentials(); + } + + @Override + public ChannelCredentials getUnsafeChannelCredentials() { + return delegate().getUnsafeChannelCredentials(); + } + @Override public SynchronizationContext getSynchronizationContext() { return delegate().getSynchronizationContext(); diff --git a/netty/src/main/java/io/grpc/netty/NettyChannelCredentials.java b/netty/src/main/java/io/grpc/netty/NettyChannelCredentials.java index e38b7e6b18..d71ca1dc01 100644 --- a/netty/src/main/java/io/grpc/netty/NettyChannelCredentials.java +++ b/netty/src/main/java/io/grpc/netty/NettyChannelCredentials.java @@ -34,4 +34,9 @@ final class NettyChannelCredentials extends ChannelCredentials { public ProtocolNegotiator.ClientFactory getNegotiator() { return negotiator; } + + @Override + public ChannelCredentials withoutBearerTokens() { + return this; + } } diff --git a/netty/src/test/java/io/grpc/netty/NettyChannelCredentialsTest.java b/netty/src/test/java/io/grpc/netty/NettyChannelCredentialsTest.java new file mode 100644 index 0000000000..33ad8212a6 --- /dev/null +++ b/netty/src/test/java/io/grpc/netty/NettyChannelCredentialsTest.java @@ -0,0 +1,37 @@ +/* + * Copyright 2020 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc.netty; + +import static com.google.common.truth.Truth.assertThat; +import static org.mockito.Mockito.mock; + +import io.grpc.ChannelCredentials; +import io.grpc.netty.ProtocolNegotiator.ClientFactory; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +/** Tests for {@link NettyChannelCredentials}. */ +@RunWith(JUnit4.class) +public class NettyChannelCredentialsTest { + @Test + public void withoutBearTokenGivesItself() { + ChannelCredentials nettyChannelCreds = + NettyChannelCredentials.create(mock(ClientFactory.class)); + assertThat(nettyChannelCreds.withoutBearerTokens()).isEqualTo(nettyChannelCreds); + } +} diff --git a/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java b/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java index e5fc1b74c9..1fc420b519 100644 --- a/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java +++ b/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java @@ -184,7 +184,12 @@ public class ProtocolNegotiatorsTest { @Test public void fromClient_unknown() { ProtocolNegotiators.FromChannelCredentialsResult result = - ProtocolNegotiators.from(new ChannelCredentials() {}); + ProtocolNegotiators.from(new ChannelCredentials() { + @Override + public ChannelCredentials withoutBearerTokens() { + throw new UnsupportedOperationException(); + } + }); assertThat(result.error).isNotNull(); assertThat(result.callCredentials).isNull(); assertThat(result.negotiator).isNull(); @@ -252,7 +257,12 @@ public class ProtocolNegotiatorsTest { public void fromClient_choice() { ProtocolNegotiators.FromChannelCredentialsResult result = ProtocolNegotiators.from(ChoiceChannelCredentials.create( - new ChannelCredentials() {}, + new ChannelCredentials() { + @Override + public ChannelCredentials withoutBearerTokens() { + throw new UnsupportedOperationException(); + } + }, TlsChannelCredentials.create(), InsecureChannelCredentials.create())); assertThat(result.error).isNull(); @@ -262,7 +272,12 @@ public class ProtocolNegotiatorsTest { result = ProtocolNegotiators.from(ChoiceChannelCredentials.create( InsecureChannelCredentials.create(), - new ChannelCredentials() {}, + new ChannelCredentials() { + @Override + public ChannelCredentials withoutBearerTokens() { + throw new UnsupportedOperationException(); + } + }, TlsChannelCredentials.create())); assertThat(result.error).isNull(); assertThat(result.callCredentials).isNull(); @@ -274,7 +289,12 @@ public class ProtocolNegotiatorsTest { public void fromClient_choice_unknown() { ProtocolNegotiators.FromChannelCredentialsResult result = ProtocolNegotiators.from(ChoiceChannelCredentials.create( - new ChannelCredentials() {})); + new ChannelCredentials() { + @Override + public ChannelCredentials withoutBearerTokens() { + throw new UnsupportedOperationException(); + } + })); assertThat(result.error).isNotNull(); assertThat(result.callCredentials).isNull(); assertThat(result.negotiator).isNull(); diff --git a/okhttp/src/main/java/io/grpc/okhttp/SslSocketFactoryChannelCredentials.java b/okhttp/src/main/java/io/grpc/okhttp/SslSocketFactoryChannelCredentials.java index 3ee524c884..059a0972e4 100644 --- a/okhttp/src/main/java/io/grpc/okhttp/SslSocketFactoryChannelCredentials.java +++ b/okhttp/src/main/java/io/grpc/okhttp/SslSocketFactoryChannelCredentials.java @@ -40,5 +40,10 @@ public final class SslSocketFactoryChannelCredentials { public SSLSocketFactory getFactory() { return factory; } + + @Override + public io.grpc.ChannelCredentials withoutBearerTokens() { + return this; + } } } diff --git a/okhttp/src/test/java/io/grpc/okhttp/OkHttpChannelBuilderTest.java b/okhttp/src/test/java/io/grpc/okhttp/OkHttpChannelBuilderTest.java index 4e51ce2109..a2ef6911db 100644 --- a/okhttp/src/test/java/io/grpc/okhttp/OkHttpChannelBuilderTest.java +++ b/okhttp/src/test/java/io/grpc/okhttp/OkHttpChannelBuilderTest.java @@ -125,7 +125,12 @@ public class OkHttpChannelBuilderTest { @Test public void sslSocketFactoryFrom_unknown() { OkHttpChannelBuilder.SslSocketFactoryResult result = - OkHttpChannelBuilder.sslSocketFactoryFrom(new ChannelCredentials() {}); + OkHttpChannelBuilder.sslSocketFactoryFrom(new ChannelCredentials() { + @Override + public ChannelCredentials withoutBearerTokens() { + throw new UnsupportedOperationException(); + } + }); assertThat(result.error).isNotNull(); assertThat(result.callCredentials).isNull(); assertThat(result.factory).isNull(); @@ -191,7 +196,12 @@ public class OkHttpChannelBuilderTest { public void sslSocketFactoryFrom_choice() { OkHttpChannelBuilder.SslSocketFactoryResult result = OkHttpChannelBuilder.sslSocketFactoryFrom(ChoiceChannelCredentials.create( - new ChannelCredentials() {}, + new ChannelCredentials() { + @Override + public ChannelCredentials withoutBearerTokens() { + throw new UnsupportedOperationException(); + } + }, TlsChannelCredentials.create(), InsecureChannelCredentials.create())); assertThat(result.error).isNull(); @@ -200,7 +210,12 @@ public class OkHttpChannelBuilderTest { result = OkHttpChannelBuilder.sslSocketFactoryFrom(ChoiceChannelCredentials.create( InsecureChannelCredentials.create(), - new ChannelCredentials() {}, + new ChannelCredentials() { + @Override + public ChannelCredentials withoutBearerTokens() { + throw new UnsupportedOperationException(); + } + }, TlsChannelCredentials.create())); assertThat(result.error).isNull(); assertThat(result.callCredentials).isNull(); @@ -211,7 +226,12 @@ public class OkHttpChannelBuilderTest { public void sslSocketFactoryFrom_choice_unknown() { OkHttpChannelBuilder.SslSocketFactoryResult result = OkHttpChannelBuilder.sslSocketFactoryFrom(ChoiceChannelCredentials.create( - new ChannelCredentials() {})); + new ChannelCredentials() { + @Override + public ChannelCredentials withoutBearerTokens() { + throw new UnsupportedOperationException(); + } + })); assertThat(result.error).isNotNull(); assertThat(result.callCredentials).isNull(); assertThat(result.factory).isNull(); diff --git a/okhttp/src/test/java/io/grpc/okhttp/SslSocketFactoryChannelCredentialsTest.java b/okhttp/src/test/java/io/grpc/okhttp/SslSocketFactoryChannelCredentialsTest.java new file mode 100644 index 0000000000..2e87b5af71 --- /dev/null +++ b/okhttp/src/test/java/io/grpc/okhttp/SslSocketFactoryChannelCredentialsTest.java @@ -0,0 +1,37 @@ +/* + * Copyright 2020 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc.okhttp; + +import static com.google.common.truth.Truth.assertThat; +import static org.mockito.Mockito.mock; + +import io.grpc.ChannelCredentials; +import javax.net.ssl.SSLSocketFactory; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +/** Tests for {@link SslSocketFactoryChannelCredentials}. */ +@RunWith(JUnit4.class) +public class SslSocketFactoryChannelCredentialsTest { + @Test + public void withoutBearTokenGivesItself() { + ChannelCredentials sslSocketFactoryCreds = + SslSocketFactoryChannelCredentials.create(mock(SSLSocketFactory.class)); + assertThat(sslSocketFactoryCreds.withoutBearerTokens()).isEqualTo(sslSocketFactoryCreds); + } +}