Tests the `grpc.CallAuthority` option with TLS credentials. This test verifies that the RPC fails with `UNAVAILABLE` status code and doesn't reach the server when an incorrect authority is used.
(t *testing.T)
| 160 | // that the RPC fails with `UNAVAILABLE` status code and doesn't reach the server |
| 161 | // when an incorrect authority is used. |
| 162 | func (s) TestIncorrectAuthorityWithTLS(t *testing.T) { |
| 163 | cert, err := tls.LoadX509KeyPair(testdata.Path("x509/server1_cert.pem"), testdata.Path("x509/server1_key.pem")) |
| 164 | if err != nil { |
| 165 | t.Fatalf("Failed to load key pair: %s", err) |
| 166 | } |
| 167 | creds, err := credentials.NewClientTLSFromFile(testdata.Path("x509/server_ca_cert.pem"), "x.test.example.com") |
| 168 | if err != nil { |
| 169 | t.Fatalf("Failed to create credentials %v", err) |
| 170 | } |
| 171 | |
| 172 | tests := []struct { |
| 173 | name string |
| 174 | authority string |
| 175 | }{ |
| 176 | { |
| 177 | name: "IncorrectAuthority", |
| 178 | authority: "auth.example.com", |
| 179 | }, |
| 180 | { |
| 181 | name: "IncorrectAuthorityWithPort", |
| 182 | authority: "auth.example.com:8443", |
| 183 | }, |
| 184 | } |
| 185 | |
| 186 | for _, tt := range tests { |
| 187 | t.Run(tt.name, func(t *testing.T) { |
| 188 | |
| 189 | serverCalled := make(chan struct{}) |
| 190 | ss := &stubserver.StubServer{ |
| 191 | EmptyCallF: func(context.Context, *testpb.Empty) (*testpb.Empty, error) { |
| 192 | close(serverCalled) |
| 193 | return nil, nil |
| 194 | }, |
| 195 | } |
| 196 | if err := ss.StartServer(grpc.Creds(credentials.NewServerTLSFromCert(&cert))); err != nil { |
| 197 | t.Fatalf("Error starting endpoint server: %v", err) |
| 198 | } |
| 199 | defer ss.Stop() |
| 200 | cc, err := grpc.NewClient(ss.Address, grpc.WithTransportCredentials(creds)) |
| 201 | if err != nil { |
| 202 | t.Fatalf("grpc.NewClient(%q) = %v", ss.Address, err) |
| 203 | } |
| 204 | defer cc.Close() |
| 205 | ctx, cancel := context.WithTimeout(context.Background(), defaultTestTimeout) |
| 206 | defer cancel() |
| 207 | if _, err = testgrpc.NewTestServiceClient(cc).EmptyCall(ctx, &testpb.Empty{}, grpc.CallAuthority(tt.authority)); status.Code(err) != codes.Unavailable { |
| 208 | t.Fatalf("EmptyCall() returned status %v, want %v", status.Code(err), codes.Unavailable) |
| 209 | } |
| 210 | select { |
| 211 | case <-serverCalled: |
| 212 | t.Fatalf("Server handler should not have been called") |
| 213 | case <-time.After(defaultTestShortTimeout): |
| 214 | } |
| 215 | }) |
| 216 | } |
| 217 | } |
| 218 | |
| 219 | // testAuthInfoNoValidator implements only credentials.AuthInfo and not |
nothing calls this directly
no test coverage detected