grpc
/
grpc-java
mirror of https://github.com/grpc/grpc-java.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

okhttp: Remove unnecessary client certs in TlsTest 

This simplifies the tests and makes them more clear. basicTls_succeeds
was added to confirm excluding the client cert functions.
This commit is contained in:
Eric Anderson 2023-01-09 08:20:29 -08:00
parent a40e4343f5
commit d761fc6db9
1 changed files with 25 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
okhttp/src/test/java/io/grpc/okhttp/TlsTest.java
View File

@ -68,6 +68,27 @@ public class TlsTest {
} }
} }
@Test
public void basicTls_succeeds() throws Exception {
ServerCredentials serverCreds;
try (InputStream serverCert = TlsTesting.loadCert("server1.pem");
InputStream serverPrivateKey = TlsTesting.loadCert("server1.key")) {
serverCreds = TlsServerCredentials.newBuilder()
.keyManager(serverCert, serverPrivateKey)
.build();
}
ChannelCredentials channelCreds;
try (InputStream caCert = TlsTesting.loadCert("ca.pem")) {
channelCreds = TlsChannelCredentials.newBuilder()
.trustManager(caCert)
.build();
}
Server server = grpcCleanupRule.register(server(serverCreds));
ManagedChannel channel = grpcCleanupRule.register(clientChannel(server, channelCreds));
SimpleServiceGrpc.newBlockingStub(channel).unaryRpc(SimpleRequest.getDefaultInstance());
}
@Test @Test
public void mtls_succeeds() throws Exception { public void mtls_succeeds() throws Exception {
ServerCredentials serverCreds; ServerCredentials serverCreds;
@ -174,20 +195,12 @@ public class TlsTest {
public void untrustedServer_fails() throws Exception { public void untrustedServer_fails() throws Exception {
ServerCredentials serverCreds; ServerCredentials serverCreds;
try (InputStream serverCert = TlsTesting.loadCert("server1.pem"); try (InputStream serverCert = TlsTesting.loadCert("server1.pem");
InputStream serverPrivateKey = TlsTesting.loadCert("server1.key"); InputStream serverPrivateKey = TlsTesting.loadCert("server1.key")) {
InputStream caCert = TlsTesting.loadCert("ca.pem")) {
serverCreds = TlsServerCredentials.newBuilder() serverCreds = TlsServerCredentials.newBuilder()
.keyManager(serverCert, serverPrivateKey) .keyManager(serverCert, serverPrivateKey)
.trustManager(caCert)
.build();
}
ChannelCredentials channelCreds;
try (InputStream clientCertChain = TlsTesting.loadCert("client.pem");
InputStream clientPrivateKey = TlsTesting.loadCert("client.key")) {
channelCreds = TlsChannelCredentials.newBuilder()
.keyManager(clientCertChain, clientPrivateKey)
.build(); .build();
} }
ChannelCredentials channelCreds = TlsChannelCredentials.create();
Server server = grpcCleanupRule.register(server(serverCreds)); Server server = grpcCleanupRule.register(server(serverCreds));
ManagedChannel channel = grpcCleanupRule.register(clientChannel(server, channelCreds)); ManagedChannel channel = grpcCleanupRule.register(clientChannel(server, channelCreds));
@ -198,19 +211,14 @@ public class TlsTest {
public void unmatchedServerSubjectAlternativeNames_fails() throws Exception { public void unmatchedServerSubjectAlternativeNames_fails() throws Exception {
ServerCredentials serverCreds; ServerCredentials serverCreds;
try (InputStream serverCert = TlsTesting.loadCert("server1.pem"); try (InputStream serverCert = TlsTesting.loadCert("server1.pem");
InputStream serverPrivateKey = TlsTesting.loadCert("server1.key"); InputStream serverPrivateKey = TlsTesting.loadCert("server1.key")) {
InputStream caCert = TlsTesting.loadCert("ca.pem")) {
serverCreds = TlsServerCredentials.newBuilder() serverCreds = TlsServerCredentials.newBuilder()
.keyManager(serverCert, serverPrivateKey) .keyManager(serverCert, serverPrivateKey)
.trustManager(caCert)
.build(); .build();
} }
ChannelCredentials channelCreds; ChannelCredentials channelCreds;
try (InputStream clientCertChain = TlsTesting.loadCert("client.pem"); try (InputStream caCert = TlsTesting.loadCert("ca.pem")) {
InputStream clientPrivateKey = TlsTesting.loadCert("client.key");
InputStream caCert = TlsTesting.loadCert("ca.pem")) {
channelCreds = TlsChannelCredentials.newBuilder() channelCreds = TlsChannelCredentials.newBuilder()
.keyManager(clientCertChain, clientPrivateKey)
.trustManager(caCert) .trustManager(caCert)
.build(); .build();
} }