grpc
/
grpc-java
mirror of https://github.com/grpc/grpc-java.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

xds: rename SecretProvider to SslContextProvider and make it non-generic (#6349)

This commit is contained in:
sanjaypujare 2019-10-29 11:25:10 -07:00 committed by GitHub
parent da1231abd8
commit d04529256a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 83 additions and 83 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
xds/src/main/java/io/grpc/xds/sds/SslContextSecretVolumeSecretProvider.java → xds/src/main/java/io/grpc/xds/sds/SecretVolumeSslContextProvider.java
View File

@ -45,10 +45,10 @@ import javax.annotation.Nullable;
* An SslContext provider that uses file-based secrets (secret volume). Used for both server and * An SslContext provider that uses file-based secrets (secret volume). Used for both server and
* client SslContexts * client SslContexts
*/ */
final class SslContextSecretVolumeSecretProvider implements SecretProvider<SslContext> { final class SecretVolumeSslContextProvider implements SslContextProvider {
private static final Logger logger = private static final Logger logger =
Logger.getLogger(SslContextSecretVolumeSecretProvider.class.getName()); Logger.getLogger(SecretVolumeSslContextProvider.class.getName());
private final boolean server; private final boolean server;
@Nullable private final String privateKey; @Nullable private final String privateKey;
@ -56,7 +56,7 @@ final class SslContextSecretVolumeSecretProvider implements SecretProvider<SslCo
@Nullable private final String certificateChain; @Nullable private final String certificateChain;
@Nullable private final CertificateValidationContext certContext; @Nullable private final CertificateValidationContext certContext;
private SslContextSecretVolumeSecretProvider( private SecretVolumeSslContextProvider(
@Nullable String privateKey, @Nullable String privateKey,
@Nullable String privateKeyPassword, @Nullable String privateKeyPassword,
@Nullable String certificateChain, @Nullable String certificateChain,
@ -106,7 +106,7 @@ final class SslContextSecretVolumeSecretProvider implements SecretProvider<SslCo
return tlsCertificate; return tlsCertificate;
} }
static SslContextSecretVolumeSecretProvider getProviderForServer( static SecretVolumeSslContextProvider getProviderForServer(
DownstreamTlsContext downstreamTlsContext) { DownstreamTlsContext downstreamTlsContext) {
checkNotNull(downstreamTlsContext, "downstreamTlsContext"); checkNotNull(downstreamTlsContext, "downstreamTlsContext");
CommonTlsContext commonTlsContext = downstreamTlsContext.getCommonTlsContext(); CommonTlsContext commonTlsContext = downstreamTlsContext.getCommonTlsContext();
@ -125,7 +125,7 @@ final class SslContextSecretVolumeSecretProvider implements SecretProvider<SslCo
} }
String privateKeyPassword = String privateKeyPassword =
tlsCertificate.hasPassword() ? tlsCertificate.getPassword().getInlineString() : null; tlsCertificate.hasPassword() ? tlsCertificate.getPassword().getInlineString() : null;
return new SslContextSecretVolumeSecretProvider( return new SecretVolumeSslContextProvider(
tlsCertificate.getPrivateKey().getFilename(), tlsCertificate.getPrivateKey().getFilename(),
privateKeyPassword, privateKeyPassword,
tlsCertificate.getCertificateChain().getFilename(), tlsCertificate.getCertificateChain().getFilename(),
@ -133,7 +133,7 @@ final class SslContextSecretVolumeSecretProvider implements SecretProvider<SslCo
/* server= */ true); /* server= */ true);
} }
static SslContextSecretVolumeSecretProvider getProviderForClient( static SecretVolumeSslContextProvider getProviderForClient(
UpstreamTlsContext upstreamTlsContext) { UpstreamTlsContext upstreamTlsContext) {
checkNotNull(upstreamTlsContext, "upstreamTlsContext"); checkNotNull(upstreamTlsContext, "upstreamTlsContext");
CommonTlsContext commonTlsContext = upstreamTlsContext.getCommonTlsContext(); CommonTlsContext commonTlsContext = upstreamTlsContext.getCommonTlsContext();
@ -159,7 +159,7 @@ final class SslContextSecretVolumeSecretProvider implements SecretProvider<SslCo
} }
certificateChain = tlsCertificate.getCertificateChain().getFilename(); certificateChain = tlsCertificate.getCertificateChain().getFilename();
} }
return new SslContextSecretVolumeSecretProvider( return new SecretVolumeSslContextProvider(
privateKey, privateKey,
privateKeyPassword, privateKeyPassword,
certificateChain, certificateChain,
@ -181,7 +181,7 @@ final class SslContextSecretVolumeSecretProvider implements SecretProvider<SslCo
} }
@Override @Override
public void addCallback(final Callback<SslContext> callback, Executor executor) { public void addCallback(final Callback callback, Executor executor) {
checkNotNull(callback, "callback"); checkNotNull(callback, "callback");
checkNotNull(executor, "executor"); checkNotNull(executor, "executor");
executor.execute( executor.execute(

24
xds/src/main/java/io/grpc/xds/sds/SecretProvider.java → xds/src/main/java/io/grpc/xds/sds/SslContextProvider.java
View File

@ -17,28 +17,30 @@
package io.grpc.xds.sds; package io.grpc.xds.sds;
import io.grpc.Internal; import io.grpc.Internal;
import io.netty.handler.ssl.SslContext;
import java.util.concurrent.Executor; import java.util.concurrent.Executor;
/** /**
* A SecretProvider is a "container" or provider of a secret. This is used by gRPC-xds to access * A SslContextProvider is a "container" or provider of SslContext. This is used by gRPC-xds to
* secrets, so is not part of the public API of gRPC. This "container" may represent a stream that * obtain an SslContext, so is not part of the public API of gRPC. This "container" may represent
* is receiving the requested secret(s) or it could represent file-system based secret(s) that are * a stream that is receiving the requested secret(s) or it could represent file-system based
* dynamic. * secret(s) that are dynamic.
*/ */
@Internal @Internal
public interface SecretProvider<T> { public interface SslContextProvider {
interface Callback<T> { interface Callback {
/** Informs callee of new/updated secret. */ /** Informs callee of new/updated SslContext. */
void updateSecret(T secret); void updateSecret(SslContext sslContext);
/** Informs callee of an exception that was generated. */ /** Informs callee of an exception that was generated. */
void onException(Throwable throwable); void onException(Throwable throwable);
} }
/** /**
* Registers a callback on the given executor. The callback will run when secret becomes available * Registers a callback on the given executor. The callback will run when SslContext becomes
* or immediately if the result is already available. * available or immediately if the result is already available.
*/ */
void addCallback(Callback<T> callback, Executor executor); void addCallback(Callback callback, Executor executor);
} }

15
xds/src/main/java/io/grpc/xds/sds/TlsContextManager.java
View File

@ -19,13 +19,12 @@ package io.grpc.xds.sds;
import io.envoyproxy.envoy.api.v2.auth.DownstreamTlsContext; import io.envoyproxy.envoy.api.v2.auth.DownstreamTlsContext;
import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext; import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext;
import io.grpc.Internal; import io.grpc.Internal;
import io.netty.handler.ssl.SslContext;
/** /**
* Class to manage secrets used to create SSL contexts - this effectively manages SSL contexts * Class to manage secrets used to create SSL contexts - this effectively manages SSL contexts
* (aka TlsContexts) based on inputs we get from xDS. This is used by gRPC-xds to access the * (aka TlsContexts) based on inputs we get from xDS. This is used by gRPC-xds to access the
* SSL contexts/secrets and is not public API. * SSL contexts/secrets and is not public API.
* Currently it just creates a new SecretProvider for each call. * Currently it just creates a new SslContextProvider for each call.
*/ */
// TODO(sanjaypujare): implement a Map and ref-counting // TODO(sanjaypujare): implement a Map and ref-counting
@Internal @Internal
@ -43,15 +42,15 @@ public final class TlsContextManager {
return instance; return instance;
} }
/** Creates a SecretProvider. Used for retrieving a server-side SslContext. */ /** Creates a SslContextProvider. Used for retrieving a server-side SslContext. */
public SecretProvider<SslContext> findOrCreateServerSslContextProvider( public SslContextProvider findOrCreateServerSslContextProvider(
DownstreamTlsContext downstreamTlsContext) { DownstreamTlsContext downstreamTlsContext) {
return SslContextSecretVolumeSecretProvider.getProviderForServer(downstreamTlsContext); return SecretVolumeSslContextProvider.getProviderForServer(downstreamTlsContext);
} }
/** Creates a SecretProvider. Used for retrieving a client-side SslContext. */ /** Creates a SslContextProvider. Used for retrieving a client-side SslContext. */
public SecretProvider<SslContext> findOrCreateClientSslContextProvider( public SslContextProvider findOrCreateClientSslContextProvider(
UpstreamTlsContext upstreamTlsContext) { UpstreamTlsContext upstreamTlsContext) {
return SslContextSecretVolumeSecretProvider.getProviderForClient(upstreamTlsContext); return SecretVolumeSslContextProvider.getProviderForClient(upstreamTlsContext);
} }
} }

10
xds/src/main/java/io/grpc/xds/sds/internal/SdsProtocolNegotiators.java
View File

@ -29,7 +29,7 @@ import io.grpc.netty.InternalProtocolNegotiator;
import io.grpc.netty.InternalProtocolNegotiator.ProtocolNegotiator; import io.grpc.netty.InternalProtocolNegotiator.ProtocolNegotiator;
import io.grpc.netty.InternalProtocolNegotiators; import io.grpc.netty.InternalProtocolNegotiators;
import io.grpc.netty.NettyChannelBuilder; import io.grpc.netty.NettyChannelBuilder;
import io.grpc.xds.sds.SecretProvider; import io.grpc.xds.sds.SslContextProvider;
import io.grpc.xds.sds.TlsContextManager; import io.grpc.xds.sds.TlsContextManager;
import io.netty.channel.ChannelHandler; import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerAdapter; import io.netty.channel.ChannelHandlerAdapter;
@ -192,11 +192,11 @@ public final class SdsProtocolNegotiators {
final BufferReadsHandler bufferReads = new BufferReadsHandler(); final BufferReadsHandler bufferReads = new BufferReadsHandler();
ctx.pipeline().addBefore(ctx.name(), null, bufferReads); ctx.pipeline().addBefore(ctx.name(), null, bufferReads);
SecretProvider<SslContext> sslContextProvider = SslContextProvider sslContextProvider =
TlsContextManager.getInstance().findOrCreateClientSslContextProvider(upstreamTlsContext); TlsContextManager.getInstance().findOrCreateClientSslContextProvider(upstreamTlsContext);
sslContextProvider.addCallback( sslContextProvider.addCallback(
new SecretProvider.Callback<SslContext>() { new SslContextProvider.Callback() {
@Override @Override
public void updateSecret(SslContext sslContext) { public void updateSecret(SslContext sslContext) {
@ -277,12 +277,12 @@ public final class SdsProtocolNegotiators {
final BufferReadsHandler bufferReads = new BufferReadsHandler(); final BufferReadsHandler bufferReads = new BufferReadsHandler();
ctx.pipeline().addBefore(ctx.name(), null, bufferReads); ctx.pipeline().addBefore(ctx.name(), null, bufferReads);
SecretProvider<SslContext> sslContextProvider = SslContextProvider sslContextProvider =
TlsContextManager.getInstance() TlsContextManager.getInstance()
.findOrCreateServerSslContextProvider(downstreamTlsContext); .findOrCreateServerSslContextProvider(downstreamTlsContext);
sslContextProvider.addCallback( sslContextProvider.addCallback(
new SecretProvider.Callback<SslContext>() { new SslContextProvider.Callback() {
@Override @Override
public void updateSecret(SslContext sslContext) { public void updateSecret(SslContext sslContext) {

92
xds/src/test/java/io/grpc/xds/sds/SslContextSecretVolumeSecretProviderTest.java → xds/src/test/java/io/grpc/xds/sds/SecretVolumeSslContextProviderTest.java
View File

@ -39,9 +39,9 @@ import org.junit.rules.TemporaryFolder;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
import org.junit.runners.JUnit4; import org.junit.runners.JUnit4;
/** Unit tests for {@link SslContextSecretVolumeSecretProvider}. */ /** Unit tests for {@link SecretVolumeSslContextProvider}. */
@RunWith(JUnit4.class) @RunWith(JUnit4.class)
public class SslContextSecretVolumeSecretProviderTest { public class SecretVolumeSslContextProviderTest {
private static final String SERVER_1_PEM_FILE = "server1.pem"; private static final String SERVER_1_PEM_FILE = "server1.pem";
private static final String SERVER_1_KEY_FILE = "server1.key"; private static final String SERVER_1_KEY_FILE = "server1.key";
@ -55,7 +55,7 @@ public class SslContextSecretVolumeSecretProviderTest {
public void validateCertificateContext_nullAndNotOptional_throwsException() { public void validateCertificateContext_nullAndNotOptional_throwsException() {
// expect exception when certContext is null and not optional // expect exception when certContext is null and not optional
try { try {
SslContextSecretVolumeSecretProvider.validateCertificateContext( SecretVolumeSslContextProvider.validateCertificateContext(
/* certContext= */ null, /* optional= */ false); /* certContext= */ null, /* optional= */ false);
Assert.fail("no exception thrown"); Assert.fail("no exception thrown");
} catch (IllegalArgumentException expected) { } catch (IllegalArgumentException expected) {
@ -68,7 +68,7 @@ public class SslContextSecretVolumeSecretProviderTest {
// expect exception when certContext has no CA and not optional // expect exception when certContext has no CA and not optional
CertificateValidationContext certContext = CertificateValidationContext.getDefaultInstance(); CertificateValidationContext certContext = CertificateValidationContext.getDefaultInstance();
try { try {
SslContextSecretVolumeSecretProvider.validateCertificateContext( SecretVolumeSslContextProvider.validateCertificateContext(
certContext, /* optional= */ false); certContext, /* optional= */ false);
Assert.fail("no exception thrown"); Assert.fail("no exception thrown");
} catch (IllegalArgumentException expected) { } catch (IllegalArgumentException expected) {
@ -80,7 +80,7 @@ public class SslContextSecretVolumeSecretProviderTest {
public void validateCertificateContext_nullAndOptional() { public void validateCertificateContext_nullAndOptional() {
// certContext argument can be null when optional // certContext argument can be null when optional
CertificateValidationContext certContext = CertificateValidationContext certContext =
SslContextSecretVolumeSecretProvider.validateCertificateContext( SecretVolumeSslContextProvider.validateCertificateContext(
/* certContext= */ null, /* optional= */ true); /* certContext= */ null, /* optional= */ true);
assertThat(certContext).isNull(); assertThat(certContext).isNull();
} }
@ -90,7 +90,7 @@ public class SslContextSecretVolumeSecretProviderTest {
// certContext argument can have missing CA when optional // certContext argument can have missing CA when optional
CertificateValidationContext certContext = CertificateValidationContext.getDefaultInstance(); CertificateValidationContext certContext = CertificateValidationContext.getDefaultInstance();
assertThat( assertThat(
SslContextSecretVolumeSecretProvider.validateCertificateContext( SecretVolumeSslContextProvider.validateCertificateContext(
certContext, /* optional= */ true)) certContext, /* optional= */ true))
.isNull(); .isNull();
} }
@ -103,7 +103,7 @@ public class SslContextSecretVolumeSecretProviderTest {
.setTrustedCa(DataSource.newBuilder().setInlineString("foo")) .setTrustedCa(DataSource.newBuilder().setInlineString("foo"))
.build(); .build();
try { try {
SslContextSecretVolumeSecretProvider.validateCertificateContext( SecretVolumeSslContextProvider.validateCertificateContext(
certContext, /* optional= */ false); certContext, /* optional= */ false);
Assert.fail("no exception thrown"); Assert.fail("no exception thrown");
} catch (IllegalArgumentException expected) { } catch (IllegalArgumentException expected) {
@ -119,7 +119,7 @@ public class SslContextSecretVolumeSecretProviderTest {
.setTrustedCa(DataSource.newBuilder().setFilename("bar")) .setTrustedCa(DataSource.newBuilder().setFilename("bar"))
.build(); .build();
assertThat( assertThat(
SslContextSecretVolumeSecretProvider.validateCertificateContext( SecretVolumeSslContextProvider.validateCertificateContext(
certContext, /* optional= */ false)) certContext, /* optional= */ false))
.isSameInstanceAs(certContext); .isSameInstanceAs(certContext);
} }
@ -128,7 +128,7 @@ public class SslContextSecretVolumeSecretProviderTest {
public void validateTlsCertificate_nullAndNotOptional_throwsException() { public void validateTlsCertificate_nullAndNotOptional_throwsException() {
// expect exception when tlsCertificate is null and not optional // expect exception when tlsCertificate is null and not optional
try { try {
SslContextSecretVolumeSecretProvider.validateTlsCertificate( SecretVolumeSslContextProvider.validateTlsCertificate(
/* tlsCertificate= */ null, /* optional= */ false); /* tlsCertificate= */ null, /* optional= */ false);
Assert.fail("no exception thrown"); Assert.fail("no exception thrown");
} catch (IllegalArgumentException expected) { } catch (IllegalArgumentException expected) {
@ -139,7 +139,7 @@ public class SslContextSecretVolumeSecretProviderTest {
@Test @Test
public void validateTlsCertificate_nullOptional() { public void validateTlsCertificate_nullOptional() {
assertThat( assertThat(
SslContextSecretVolumeSecretProvider.validateTlsCertificate( SecretVolumeSslContextProvider.validateTlsCertificate(
/* tlsCertificate= */ null, /* optional= */ true)) /* tlsCertificate= */ null, /* optional= */ true))
.isNull(); .isNull();
} }
@ -149,7 +149,7 @@ public class SslContextSecretVolumeSecretProviderTest {
// tlsCertificate is not null but has no value (default instance): expect null // tlsCertificate is not null but has no value (default instance): expect null
TlsCertificate tlsCert = TlsCertificate.getDefaultInstance(); TlsCertificate tlsCert = TlsCertificate.getDefaultInstance();
assertThat( assertThat(
SslContextSecretVolumeSecretProvider.validateTlsCertificate( SecretVolumeSslContextProvider.validateTlsCertificate(
tlsCert, /* optional= */ true)) tlsCert, /* optional= */ true))
.isNull(); .isNull();
} }
@ -162,7 +162,7 @@ public class SslContextSecretVolumeSecretProviderTest {
.setPrivateKey(DataSource.newBuilder().setInlineString("foo")) .setPrivateKey(DataSource.newBuilder().setInlineString("foo"))
.build(); .build();
try { try {
SslContextSecretVolumeSecretProvider.validateTlsCertificate(tlsCert, /* optional= */ false); SecretVolumeSslContextProvider.validateTlsCertificate(tlsCert, /* optional= */ false);
Assert.fail("no exception thrown"); Assert.fail("no exception thrown");
} catch (IllegalArgumentException expected) { } catch (IllegalArgumentException expected) {
assertThat(expected).hasMessageThat().isEqualTo("filename expected"); assertThat(expected).hasMessageThat().isEqualTo("filename expected");
@ -177,7 +177,7 @@ public class SslContextSecretVolumeSecretProviderTest {
.setPrivateKey(DataSource.newBuilder().setInlineString("foo")) .setPrivateKey(DataSource.newBuilder().setInlineString("foo"))
.build(); .build();
try { try {
SslContextSecretVolumeSecretProvider.validateTlsCertificate(tlsCert, /* optional= */ true); SecretVolumeSslContextProvider.validateTlsCertificate(tlsCert, /* optional= */ true);
Assert.fail("no exception thrown"); Assert.fail("no exception thrown");
} catch (IllegalArgumentException expected) { } catch (IllegalArgumentException expected) {
assertThat(expected).hasMessageThat().isEqualTo("filename expected"); assertThat(expected).hasMessageThat().isEqualTo("filename expected");
@ -192,7 +192,7 @@ public class SslContextSecretVolumeSecretProviderTest {
.setCertificateChain(DataSource.newBuilder().setInlineString("foo")) .setCertificateChain(DataSource.newBuilder().setInlineString("foo"))
.build(); .build();
try { try {
SslContextSecretVolumeSecretProvider.validateTlsCertificate(tlsCert, /* optional= */ false); SecretVolumeSslContextProvider.validateTlsCertificate(tlsCert, /* optional= */ false);
Assert.fail("no exception thrown"); Assert.fail("no exception thrown");
} catch (IllegalArgumentException expected) { } catch (IllegalArgumentException expected) {
assertThat(expected).hasMessageThat().isEqualTo("filename expected"); assertThat(expected).hasMessageThat().isEqualTo("filename expected");
@ -207,7 +207,7 @@ public class SslContextSecretVolumeSecretProviderTest {
.setCertificateChain(DataSource.newBuilder().setInlineString("foo")) .setCertificateChain(DataSource.newBuilder().setInlineString("foo"))
.build(); .build();
try { try {
SslContextSecretVolumeSecretProvider.validateTlsCertificate(tlsCert, /* optional= */ true); SecretVolumeSslContextProvider.validateTlsCertificate(tlsCert, /* optional= */ true);
Assert.fail("no exception thrown"); Assert.fail("no exception thrown");
} catch (IllegalArgumentException expected) { } catch (IllegalArgumentException expected) {
assertThat(expected).hasMessageThat().isEqualTo("filename expected"); assertThat(expected).hasMessageThat().isEqualTo("filename expected");
@ -222,7 +222,7 @@ public class SslContextSecretVolumeSecretProviderTest {
.setPrivateKey(DataSource.newBuilder().setFilename("bar")) .setPrivateKey(DataSource.newBuilder().setFilename("bar"))
.build(); .build();
assertThat( assertThat(
SslContextSecretVolumeSecretProvider.validateTlsCertificate( SecretVolumeSslContextProvider.validateTlsCertificate(
tlsCert, /* optional= */ true)) tlsCert, /* optional= */ true))
.isSameInstanceAs(tlsCert); .isSameInstanceAs(tlsCert);
} }
@ -235,7 +235,7 @@ public class SslContextSecretVolumeSecretProviderTest {
.setPrivateKey(DataSource.newBuilder().setFilename("bar")) .setPrivateKey(DataSource.newBuilder().setFilename("bar"))
.build(); .build();
assertThat( assertThat(
SslContextSecretVolumeSecretProvider.validateTlsCertificate( SecretVolumeSslContextProvider.validateTlsCertificate(
tlsCert, /* optional= */ false)) tlsCert, /* optional= */ false))
.isSameInstanceAs(tlsCert); .isSameInstanceAs(tlsCert);
} }
@ -249,7 +249,7 @@ public class SslContextSecretVolumeSecretProviderTest {
.setPrivateKey(DataSource.newBuilder().setFilename("bar")) .setPrivateKey(DataSource.newBuilder().setFilename("bar"))
.build(); .build();
try { try {
SslContextSecretVolumeSecretProvider.validateTlsCertificate(tlsCert, /* optional= */ true); SecretVolumeSslContextProvider.validateTlsCertificate(tlsCert, /* optional= */ true);
Assert.fail("no exception thrown"); Assert.fail("no exception thrown");
} catch (IllegalArgumentException expected) { } catch (IllegalArgumentException expected) {
assertThat(expected).hasMessageThat().isEqualTo("filename expected"); assertThat(expected).hasMessageThat().isEqualTo("filename expected");
@ -265,7 +265,7 @@ public class SslContextSecretVolumeSecretProviderTest {
.setCertificateChain(DataSource.newBuilder().setFilename("bar")) .setCertificateChain(DataSource.newBuilder().setFilename("bar"))
.build(); .build();
try { try {
SslContextSecretVolumeSecretProvider.validateTlsCertificate(tlsCert, /* optional= */ true); SecretVolumeSslContextProvider.validateTlsCertificate(tlsCert, /* optional= */ true);
Assert.fail("no exception thrown"); Assert.fail("no exception thrown");
} catch (IllegalArgumentException expected) { } catch (IllegalArgumentException expected) {
assertThat(expected).hasMessageThat().isEqualTo("filename expected"); assertThat(expected).hasMessageThat().isEqualTo("filename expected");
@ -276,7 +276,7 @@ public class SslContextSecretVolumeSecretProviderTest {
public void getProviderForServer_defaultTlsCertificate_throwsException() { public void getProviderForServer_defaultTlsCertificate_throwsException() {
TlsCertificate tlsCert = TlsCertificate.getDefaultInstance(); TlsCertificate tlsCert = TlsCertificate.getDefaultInstance();
try { try {
SslContextSecretVolumeSecretProvider.getProviderForServer( SecretVolumeSslContextProvider.getProviderForServer(
buildDownstreamTlsContext(getCommonTlsContext(tlsCert, /* certContext= */ null))); buildDownstreamTlsContext(getCommonTlsContext(tlsCert, /* certContext= */ null)));
Assert.fail("no exception thrown"); Assert.fail("no exception thrown");
} catch (IllegalArgumentException expected) { } catch (IllegalArgumentException expected) {
@ -296,7 +296,7 @@ public class SslContextSecretVolumeSecretProviderTest {
.setTrustedCa(DataSource.newBuilder().setInlineString("foo")) .setTrustedCa(DataSource.newBuilder().setInlineString("foo"))
.build(); .build();
try { try {
SslContextSecretVolumeSecretProvider.getProviderForServer( SecretVolumeSslContextProvider.getProviderForServer(
buildDownstreamTlsContext(getCommonTlsContext(tlsCert, certContext))); buildDownstreamTlsContext(getCommonTlsContext(tlsCert, certContext)));
Assert.fail("no exception thrown"); Assert.fail("no exception thrown");
} catch (IllegalArgumentException expected) { } catch (IllegalArgumentException expected) {
@ -308,7 +308,7 @@ public class SslContextSecretVolumeSecretProviderTest {
public void getProviderForClient_defaultCertContext_throwsException() { public void getProviderForClient_defaultCertContext_throwsException() {
CertificateValidationContext certContext = CertificateValidationContext.getDefaultInstance(); CertificateValidationContext certContext = CertificateValidationContext.getDefaultInstance();
try { try {
SslContextSecretVolumeSecretProvider.getProviderForClient( SecretVolumeSslContextProvider.getProviderForClient(
buildUpstreamTlsContext(getCommonTlsContext(/* tlsCertificate= */ null, certContext))); buildUpstreamTlsContext(getCommonTlsContext(/* tlsCertificate= */ null, certContext)));
Assert.fail("no exception thrown"); Assert.fail("no exception thrown");
} catch (IllegalArgumentException expected) { } catch (IllegalArgumentException expected) {
@ -328,7 +328,7 @@ public class SslContextSecretVolumeSecretProviderTest {
.setTrustedCa(DataSource.newBuilder().setFilename("foo")) .setTrustedCa(DataSource.newBuilder().setFilename("foo"))
.build(); .build();
try { try {
SslContextSecretVolumeSecretProvider.getProviderForClient( SecretVolumeSslContextProvider.getProviderForClient(
buildUpstreamTlsContext(getCommonTlsContext(tlsCert, certContext))); buildUpstreamTlsContext(getCommonTlsContext(tlsCert, certContext)));
Assert.fail("no exception thrown"); Assert.fail("no exception thrown");
} catch (IllegalArgumentException expected) { } catch (IllegalArgumentException expected) {
@ -348,7 +348,7 @@ public class SslContextSecretVolumeSecretProviderTest {
.setTrustedCa(DataSource.newBuilder().setFilename("foo")) .setTrustedCa(DataSource.newBuilder().setFilename("foo"))
.build(); .build();
try { try {
SslContextSecretVolumeSecretProvider.getProviderForClient( SecretVolumeSslContextProvider.getProviderForClient(
buildUpstreamTlsContext(getCommonTlsContext(tlsCert, certContext))); buildUpstreamTlsContext(getCommonTlsContext(tlsCert, certContext)));
Assert.fail("no exception thrown"); Assert.fail("no exception thrown");
} catch (IllegalArgumentException expected) { } catch (IllegalArgumentException expected) {
@ -360,8 +360,8 @@ public class SslContextSecretVolumeSecretProviderTest {
return TestUtils.loadCert(resFile).getAbsolutePath(); return TestUtils.loadCert(resFile).getAbsolutePath();
} }
/** Helper method to build SslContextSecretVolumeSecretProvider from given files. */ /** Helper method to build SecretVolumeSslContextProvider from given files. */
private static SslContextSecretVolumeSecretProvider getSslContextSecretVolumeSecretProvider( private static SecretVolumeSslContextProvider getSslContextSecretVolumeSecretProvider(
boolean server, String certChainFilename, String privateKeyFilename, String trustedCaFilename) boolean server, String certChainFilename, String privateKeyFilename, String trustedCaFilename)
throws IOException { throws IOException {
@ -376,22 +376,22 @@ public class SslContextSecretVolumeSecretProviderTest {
trustedCaFilename = getTempFileNameForResourcesFile(trustedCaFilename); trustedCaFilename = getTempFileNameForResourcesFile(trustedCaFilename);
} }
return server return server
? SslContextSecretVolumeSecretProvider.getProviderForServer( ? SecretVolumeSslContextProvider.getProviderForServer(
buildDownstreamTlsContextFromFilenames( buildDownstreamTlsContextFromFilenames(
privateKeyFilename, certChainFilename, trustedCaFilename)) privateKeyFilename, certChainFilename, trustedCaFilename))
: SslContextSecretVolumeSecretProvider.getProviderForClient( : SecretVolumeSslContextProvider.getProviderForClient(
buildUpstreamTlsContextFromFilenames( buildUpstreamTlsContextFromFilenames(
privateKeyFilename, certChainFilename, trustedCaFilename)); privateKeyFilename, certChainFilename, trustedCaFilename));
} }
/** /**
* Helper method to build SslContextSecretVolumeSecretProvider, call buildSslContext on it and * Helper method to build SecretVolumeSslContextProvider, call buildSslContext on it and
* check returned SslContext. * check returned SslContext.
*/ */
private static void sslContextForEitherWithBothCertAndTrust( private static void sslContextForEitherWithBothCertAndTrust(
boolean server, String pemFile, String keyFile, String caFile) boolean server, String pemFile, String keyFile, String caFile)
throws IOException, CertificateException, CertStoreException { throws IOException, CertificateException, CertStoreException {
SslContextSecretVolumeSecretProvider provider = SecretVolumeSslContextProvider provider =
getSslContextSecretVolumeSecretProvider(server, pemFile, keyFile, caFile); getSslContextSecretVolumeSecretProvider(server, pemFile, keyFile, caFile);
SslContext sslContext = provider.buildSslContextFromSecrets(); SslContext sslContext = provider.buildSslContextFromSecrets();
@ -511,14 +511,14 @@ public class SslContextSecretVolumeSecretProviderTest {
} }
} }
static class TestCallback<T> implements SecretProvider.Callback<T> { static class TestCallback implements SslContextProvider.Callback {
T updatedSecret; SslContext updatedSslContext;
Throwable updatedThrowable; Throwable updatedThrowable;
@Override @Override
public void updateSecret(T secret) { public void updateSecret(SslContext sslContext) {
updatedSecret = secret; updatedSslContext = sslContext;
} }
@Override @Override
@ -531,41 +531,41 @@ public class SslContextSecretVolumeSecretProviderTest {
* Helper method to get the value thru directExecutor callback. Because of directExecutor this is * Helper method to get the value thru directExecutor callback. Because of directExecutor this is
* a synchronous callback - so need to provide a listener. * a synchronous callback - so need to provide a listener.
*/ */
private static TestCallback<SslContext> getValueThruCallback( private static TestCallback getValueThruCallback(
SecretProvider<SslContext> provider) { SslContextProvider provider) {
TestCallback<SslContext> testCallback = new TestCallback<>(); TestCallback testCallback = new TestCallback();
provider.addCallback(testCallback, MoreExecutors.directExecutor()); provider.addCallback(testCallback, MoreExecutors.directExecutor());
return testCallback; return testCallback;
} }
@Test @Test
public void getProviderForServer_both_callsback() throws IOException { public void getProviderForServer_both_callsback() throws IOException {
SslContextSecretVolumeSecretProvider provider = SecretVolumeSslContextProvider provider =
getSslContextSecretVolumeSecretProvider( getSslContextSecretVolumeSecretProvider(
true, SERVER_1_PEM_FILE, SERVER_1_KEY_FILE, CA_PEM_FILE); true, SERVER_1_PEM_FILE, SERVER_1_KEY_FILE, CA_PEM_FILE);
TestCallback<SslContext> testCallback = getValueThruCallback(provider); TestCallback testCallback = getValueThruCallback(provider);
doChecksOnSslContext(true, testCallback.updatedSecret); doChecksOnSslContext(true, testCallback.updatedSslContext);
} }
@Test @Test
public void getProviderForClient_both_callsback() throws IOException { public void getProviderForClient_both_callsback() throws IOException {
SslContextSecretVolumeSecretProvider provider = SecretVolumeSslContextProvider provider =
getSslContextSecretVolumeSecretProvider( getSslContextSecretVolumeSecretProvider(
false, CLIENT_PEM_FILE, CLIENT_KEY_FILE, CA_PEM_FILE); false, CLIENT_PEM_FILE, CLIENT_KEY_FILE, CA_PEM_FILE);
TestCallback<SslContext> testCallback = getValueThruCallback(provider); TestCallback testCallback = getValueThruCallback(provider);
doChecksOnSslContext(false, testCallback.updatedSecret); doChecksOnSslContext(false, testCallback.updatedSslContext);
} }
// note this test generates stack-trace but can be safely ignored // note this test generates stack-trace but can be safely ignored
@Test @Test
public void getProviderForClient_both_callsback_setException() throws IOException { public void getProviderForClient_both_callsback_setException() throws IOException {
SslContextSecretVolumeSecretProvider provider = SecretVolumeSslContextProvider provider =
getSslContextSecretVolumeSecretProvider( getSslContextSecretVolumeSecretProvider(
false, CLIENT_PEM_FILE, CLIENT_PEM_FILE, CA_PEM_FILE); false, CLIENT_PEM_FILE, CLIENT_PEM_FILE, CA_PEM_FILE);
TestCallback<SslContext> testCallback = getValueThruCallback(provider); TestCallback testCallback = getValueThruCallback(provider);
assertThat(testCallback.updatedSecret).isNull(); assertThat(testCallback.updatedSslContext).isNull();
assertThat(testCallback.updatedThrowable).isInstanceOf(IllegalArgumentException.class); assertThat(testCallback.updatedThrowable).isInstanceOf(IllegalArgumentException.class);
assertThat(testCallback.updatedThrowable).hasMessageThat() assertThat(testCallback.updatedThrowable).hasMessageThat()
.contains("File does not contain valid private key"); .contains("File does not contain valid private key");

9
xds/src/test/java/io/grpc/xds/sds/TlsContextManagerTest.java
View File

@ -20,7 +20,6 @@ import static com.google.common.truth.Truth.assertThat;
import io.envoyproxy.envoy.api.v2.auth.DownstreamTlsContext; import io.envoyproxy.envoy.api.v2.auth.DownstreamTlsContext;
import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext; import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext;
import io.netty.handler.ssl.SslContext;
import org.junit.Test; import org.junit.Test;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
import org.junit.runners.JUnit4; import org.junit.runners.JUnit4;
@ -36,10 +35,10 @@ public class TlsContextManagerTest {
@Test @Test
public void createServerSslContextProvider() { public void createServerSslContextProvider() {
DownstreamTlsContext downstreamTlsContext = DownstreamTlsContext downstreamTlsContext =
SslContextSecretVolumeSecretProviderTest.buildDownstreamTlsContextFromFilenames( SecretVolumeSslContextProviderTest.buildDownstreamTlsContextFromFilenames(
SERVER_1_KEY_FILE, SERVER_1_PEM_FILE, /* trustCa= */ null); SERVER_1_KEY_FILE, SERVER_1_PEM_FILE, /* trustCa= */ null);
SecretProvider<SslContext> serverSecretProvider = SslContextProvider serverSecretProvider =
TlsContextManager.getInstance().findOrCreateServerSslContextProvider(downstreamTlsContext); TlsContextManager.getInstance().findOrCreateServerSslContextProvider(downstreamTlsContext);
assertThat(serverSecretProvider).isNotNull(); assertThat(serverSecretProvider).isNotNull();
} }
@ -47,10 +46,10 @@ public class TlsContextManagerTest {
@Test @Test
public void createClientSslContextProvider() { public void createClientSslContextProvider() {
UpstreamTlsContext upstreamTlsContext = UpstreamTlsContext upstreamTlsContext =
SslContextSecretVolumeSecretProviderTest.buildUpstreamTlsContextFromFilenames( SecretVolumeSslContextProviderTest.buildUpstreamTlsContextFromFilenames(
/* privateKey= */ null, /* certChain= */ null, CA_PEM_FILE); /* privateKey= */ null, /* certChain= */ null, CA_PEM_FILE);
SecretProvider<SslContext> serverSecretProvider = SslContextProvider serverSecretProvider =
TlsContextManager.getInstance().findOrCreateClientSslContextProvider(upstreamTlsContext); TlsContextManager.getInstance().findOrCreateClientSslContextProvider(upstreamTlsContext);
assertThat(serverSecretProvider).isNotNull(); assertThat(serverSecretProvider).isNotNull();
} }