hub / github.com/grpc/grpc-go / TestServerCredsHandshakeFailure

Method TestServerCredsHandshakeFailure

credentials/xds/xds_server_test.go:276–327  ·  view source on GitHub ↗

TestServerCredsHandshakeFailure verifies the case where the server-side credentials use a root certificate that does not match the certificate presented by the client, so the handshake must fail.

(t *testing.T)

Source from the content-addressed store, hash-verified

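// TestServerCredsHandshakeFailure verifies the case where the server-side
// credentials use a root certificate which does not match the certificate
// presented by the client, and hence the handshake must fail.
//
// The failure is asserted on the server side only: the handshake function
// reports an error through handshakeResult when ServerHandshake() unexpectedly
// succeeds, and the test body fails on that reported error.
func (s) TestServerCredsHandshakeFailure(t *testing.T) {
	opts := ServerOptions{FallbackCreds: &errorCreds{}}
	creds, err := NewServerCredentials(opts)
	if err != nil {
		t.Fatalf("NewServerCredentials(%v) failed: %v", opts, err)
	}
	ctx, cancel := context.WithTimeout(context.Background(), defaultTestTimeout)
	defer cancel()

	// Create a test server which uses the xDS server credentials created above
	// to perform TLS handshake on incoming connections.
	ts := newTestServerWithHandshakeFunc(ctx, func(rawConn net.Conn) handshakeResult {
		// Create a HandshakeInfo which has a root provider which does not match
		// the certificate sent by the client.
		// NOTE(review): the trailing positional arguments are not named at this
		// call site; check NewHandshakeInfo to confirm that client certificates
		// are required, otherwise this negative test proves nothing.
		hi := xdsinternal.NewHandshakeInfo(makeRootProvider(t, "x509/server_ca_cert.pem"), makeIdentityProvider(t, "x509/client2_cert.pem", "x509/client2_key.pem"), nil, true, "", false, false)

		// Create a wrapped conn which can return the HandshakeInfo and
		// configured deadline to the xDS credentials' ServerHandshake()
		// method.
		conn := newWrappedConn(rawConn, hi, time.Now().Add(defaultTestTimeout))

		// ServerHandshake() on the xDS credentials is expected to fail.
		// NOTE(review): any non-nil error satisfies this check, so a failure
		// unrelated to certificate verification (a deadline expiry, a provider
		// error) would also let the test pass. If ServerHandshake() exposes
		// the cause, asserting on it would pin the test to the validation
		// path it is meant to guard.
		if _, _, err := creds.ServerHandshake(conn); err == nil {
			return handshakeResult{err: errors.New("ServerHandshake() succeeded when expected to fail")}
		}
		return handshakeResult{}
	})
	defer ts.stop()

	// Dial the test server, and trigger the TLS handshake.
	rawConn, err := net.Dial("tcp", ts.address)
	if err != nil {
		t.Fatalf("net.Dial(%s) failed: %v", ts.address, err)
	}
	defer rawConn.Close()
	// NOTE(review): the second argument presumably makes the client present a
	// certificate (mTLS) — confirm against makeClientTLSConfig.
	tlsConn := tls.Client(rawConn, makeClientTLSConfig(t, true))
	// Bound the client handshake; without a deadline a stalled server would
	// hang the test instead of failing it.
	if err := tlsConn.SetDeadline(time.Now().Add(defaultTestTimeout)); err != nil {
		t.Fatalf("tlsConn.SetDeadline() failed: %v", err)
	}
	// The client-side Handshake() is required to return nil here even though
	// the server is expected to reject the client certificate.
	// NOTE(review): presumably the client completes its side before the
	// server's verdict on the client certificate reaches it (as in TLS 1.3) —
	// confirm against the TLS versions allowed by makeClientTLSConfig.
	if err := tlsConn.Handshake(); err != nil {
		t.Fatal(err)
	}

	// Read handshake result from the testServer which will return an error if
	// the handshake succeeded.
	val, err := ts.hsResult.Receive(ctx)
	if err != nil {
		t.Fatalf("testServer failed to return handshake result: %v", err)
	}
	// Use the comma-ok form so an unexpected value type is reported as a test
	// failure rather than a panic.
	hsr, ok := val.(handshakeResult)
	if !ok {
		t.Fatalf("testServer returned handshake result of type %T, want handshakeResult", val)
	}
	if hsr.err != nil {
		t.Fatalf("testServer handshake failure: %v", hsr.err)
	}
}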
328
329// TestServerCredsHandshakeSuccess verifies success handshake cases.
330func (s) TestServerCredsHandshakeSuccess(t *testing.T) {

Callers

nothing calls this directly

Calls 15

NewServerCredentialsFunction · 0.85
newWrappedConnFunction · 0.85
makeClientTLSConfigFunction · 0.85
NowMethod · 0.80
makeRootProviderFunction · 0.70
makeIdentityProviderFunction · 0.70
FatalfMethod · 0.65
AddMethod · 0.65
ServerHandshakeMethod · 0.65
stopMethod · 0.65
CloseMethod · 0.65

Tested by

no test coverage detected