hub / github.com/grpc/grpc-go / TestEnd2End

Method TestEnd2End

security/advancedtls/advancedtls_integration_test.go:123–411  ·  security/advancedtls/advancedtls_integration_test.go::s.TestEnd2End

The advanced TLS features are tested in different stages. At stage 0, we establish a good connection between client and server. At stage 1, we change one factor (it could be we change the server's certificate, or custom verification function, etc.), and test if the following connections would be dropp

(t *testing.T)

Source from the content-addressed store, hash-verified

// (could be change the client's trust certificate, or change custom
// verification function, etc)
func (s) TestEnd2End(t *testing.T) {
	cs := &testutils.CertStore{}
	if err := cs.LoadCerts(); err != nil {
		t.Fatalf("cs.LoadCerts() failed, err: %v", err)
	}
	stage := &stageInfo{}
	for _, test := range []struct {
		desc string
		clientCert []tls.Certificate
		clientGetCert func(*tls.CertificateRequestInfo) (*tls.Certificate, error)
		clientRoot *x509.CertPool
		clientGetRoot func(params *ConnectionInfo) (*RootCertificates, error)
		clientVerifyFunc PostHandshakeVerificationFunc
		clientVerificationType VerificationType
		serverCert []tls.Certificate
		serverGetCert func(*tls.ClientHelloInfo) ([]*tls.Certificate, error)
		serverRoot *x509.CertPool
		serverGetRoot func(params *ConnectionInfo) (*RootCertificates, error)
		serverVerifyFunc PostHandshakeVerificationFunc
		serverVerificationType VerificationType
	}{
		// Test Scenarios:
		// At initialization(stage = 0), client will be initialized with cert
		// ClientCert1 and ClientTrust1, server with ServerCert1 and ServerTrust1.
		// The mutual authentication works at the beginning, since ClientCert1 is
		// trusted by ServerTrust1, and ServerCert1 by ClientTrust1.
		// At stage 1, client changes ClientCert1 to ClientCert2. Since ClientCert2
		// is not trusted by ServerTrust1, following rpc calls are expected to
		// fail, while the previous rpc calls are still good because those are
		// already authenticated.
		// At stage 2, the server changes ServerTrust1 to ServerTrust2, and we
		// should see it again accepts the connection, since ClientCert2 is trusted
		// by ServerTrust2.
		{
			desc: "test the reloading feature for client identity callback and server trust callback",
			clientGetCert: func(*tls.CertificateRequestInfo) (*tls.Certificate, error) {
				switch stage.read() {
				case 0:
					return &cs.ClientCert1, nil
				default:
					return &cs.ClientCert2, nil
				}
			},
			clientRoot: cs.ClientTrust1,
			clientVerifyFunc: func(*HandshakeVerificationInfo) (*PostHandshakeVerificationResults, error) {
				return &PostHandshakeVerificationResults{}, nil
			},
			clientVerificationType: CertVerification,
			serverCert: []tls.Certificate{cs.ServerCert1},
			serverGetRoot: func(*ConnectionInfo) (*RootCertificates, error) {
				switch stage.read() {
				case 0, 1:
					return &RootCertificates{TrustCerts: cs.ServerTrust1}, nil
				default:
					return &RootCertificates{TrustCerts: cs.ServerTrust2}, nil
				}
			},
			serverVerifyFunc: func(*HandshakeVerificationInfo) (*PostHandshakeVerificationResults, error) {

Callers

nothing calls this directly

Calls 15

LoadCerts · Method · 0.95
read · Method · 0.95
increase · Method · 0.95
reset · Method · 0.95
NewServer · Function · 0.92
Creds · Function · 0.92
callAndVerify · Function · 0.85
NewServerCreds · Function · 0.70
NewClientCreds · Function · 0.70
Fatalf · Method · 0.65
Errorf · Method · 0.65

Tested by

no test coverage detected