| # Copyright 2015 gRPC authors. |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| require 'grpc' |
| |
| def create_channel_creds |
| test_root = File.join(File.dirname(__FILE__), 'testdata') |
| files = ['ca.pem', 'client.key', 'client.pem'] |
| creds = files.map { |f| File.open(File.join(test_root, f)).read } |
| GRPC::Core::ChannelCredentials.new(creds[0], creds[1], creds[2]) |
| end |
| |
| def client_cert |
| test_root = File.join(File.dirname(__FILE__), 'testdata') |
| cert = File.open(File.join(test_root, 'client.pem')).read |
| fail unless cert.is_a?(String) |
| cert |
| end |
| |
| def create_server_creds |
| test_root = File.join(File.dirname(__FILE__), 'testdata') |
| p "test root: #{test_root}" |
| files = ['ca.pem', 'server1.key', 'server1.pem'] |
| creds = files.map { |f| File.open(File.join(test_root, f)).read } |
| GRPC::Core::ServerCredentials.new( |
| creds[0], |
| [{ private_key: creds[1], cert_chain: creds[2] }], |
| true) # force client auth |
| end |
| |
| # A test message |
| class EchoMsg |
| def self.marshal(_o) |
| '' |
| end |
| |
| def self.unmarshal(_o) |
| EchoMsg.new |
| end |
| end |
| |
| # a test service that checks the cert of its peer |
| class SslTestService |
| include GRPC::GenericService |
| rpc :an_rpc, EchoMsg, EchoMsg |
| rpc :a_client_streaming_rpc, stream(EchoMsg), EchoMsg |
| rpc :a_server_streaming_rpc, EchoMsg, stream(EchoMsg) |
| rpc :a_bidi_rpc, stream(EchoMsg), stream(EchoMsg) |
| |
| def check_peer_cert(call) |
| error_msg = "want:\n#{client_cert}\n\ngot:\n#{call.peer_cert}" |
| fail(error_msg) unless call.peer_cert == client_cert |
| end |
| |
| def an_rpc(req, call) |
| check_peer_cert(call) |
| req |
| end |
| |
| def a_client_streaming_rpc(call) |
| check_peer_cert(call) |
| call.each_remote_read.each { |r| p r } |
| EchoMsg.new |
| end |
| |
| def a_server_streaming_rpc(_, call) |
| check_peer_cert(call) |
| [EchoMsg.new, EchoMsg.new] |
| end |
| |
| def a_bidi_rpc(requests, call) |
| check_peer_cert(call) |
| requests.each { |r| p r } |
| [EchoMsg.new, EchoMsg.new] |
| end |
| end |
| |
| SslTestServiceStub = SslTestService.rpc_stub_class |
| |
| describe 'client-server auth' do |
| RpcServer = GRPC::RpcServer |
| |
| before(:all) do |
| server_opts = { |
| poll_period: 1 |
| } |
| @srv = RpcServer.new(**server_opts) |
| port = @srv.add_http2_port('0.0.0.0:0', create_server_creds) |
| @srv.handle(SslTestService) |
| @srv_thd = Thread.new { @srv.run } |
| @srv.wait_till_running |
| |
| client_opts = { |
| channel_args: { |
| GRPC::Core::Channel::SSL_TARGET => 'foo.test.google.fr' |
| } |
| } |
| @stub = SslTestServiceStub.new("localhost:#{port}", |
| create_channel_creds, |
| **client_opts) |
| end |
| |
| after(:all) do |
| expect(@srv.stopped?).to be(false) |
| @srv.stop |
| @srv_thd.join |
| end |
| |
| it 'client-server auth with unary RPCs' do |
| @stub.an_rpc(EchoMsg.new) |
| end |
| |
| it 'client-server auth with client streaming RPCs' do |
| @stub.a_client_streaming_rpc([EchoMsg.new, EchoMsg.new]) |
| end |
| |
| it 'client-server auth with server streaming RPCs' do |
| responses = @stub.a_server_streaming_rpc(EchoMsg.new) |
| responses.each { |r| p r } |
| end |
| |
| it 'client-server auth with bidi RPCs' do |
| responses = @stub.a_bidi_rpc([EchoMsg.new, EchoMsg.new]) |
| responses.each { |r| p r } |
| end |
| end |
