19 package authinfo
20
21 import (
22 "bytes"
23 "testing"
24
25 "google.golang.org/grpc/credentials"
26
27 commonpb "github.com/google/s2a-go/internal/proto/common_go_proto"
28 grpcpb "github.com/google/s2a-go/internal/proto/s2a_go_proto"
29 )
30
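// TestS2AAuthInfo checks that newS2AAuthInfo copies every field of an S2A
// session result into the auth info its accessors expose, and that a nil
// session result is rejected with an error instead of yielding an auth info.
//
// The identity and fingerprint strings in the table are opaque placeholders;
// the test only verifies that each value comes back from the accessor that
// corresponds to the field it was stored in.
func TestS2AAuthInfo(t *testing.T) {
	tests := []struct {
		desc                    string
		sessionResult           *grpcpb.SessionResult
		outAppProtocol          string
		outTLSVersion           commonpb.TLSVersion
		outCiphersuite          commonpb.Ciphersuite
		outPeerIdentity         *commonpb.Identity
		outLocalIdentity        *commonpb.Identity
		outPeerCertFingerprint  []byte
		outLocalCertFingerprint []byte
		outIsHandshakeResumed   bool
		outErr                  bool
	}{
		{
			desc: "basic 1",
			sessionResult: &grpcpb.SessionResult{
				ApplicationProtocol: "app protocol",
				State: &grpcpb.SessionState{
					TlsVersion:         commonpb.TLSVersion_TLS1_3,
					TlsCiphersuite:     commonpb.Ciphersuite_AES_128_GCM_SHA256,
					IsHandshakeResumed: true,
				},
				PeerIdentity: &commonpb.Identity{
					IdentityOneof: &commonpb.Identity_SpiffeId{
						SpiffeId: "peer spiffe identity",
					},
				},
				LocalIdentity: &commonpb.Identity{
					IdentityOneof: &commonpb.Identity_Hostname{
						Hostname: "local hostname",
					},
				},
				PeerCertFingerprint:  []byte("peer cert fingerprint"),
				LocalCertFingerprint: []byte("local cert fingerprint"),
			},
			outAppProtocol: "app protocol",
			outTLSVersion:  commonpb.TLSVersion_TLS1_3,
			outCiphersuite: commonpb.Ciphersuite_AES_128_GCM_SHA256,
			outPeerIdentity: &commonpb.Identity{
				IdentityOneof: &commonpb.Identity_SpiffeId{
					SpiffeId: "peer spiffe identity",
				},
			},
			outLocalIdentity: &commonpb.Identity{
				IdentityOneof: &commonpb.Identity_Hostname{
					Hostname: "local hostname",
				},
			},
			outPeerCertFingerprint:  []byte("peer cert fingerprint"),
			outLocalCertFingerprint: []byte("local cert fingerprint"),
			outIsHandshakeResumed:   true,
		},
		{
			// Same shape as "basic 1" with the identity kinds exchanged: the
			// peer is a hostname and the local side a SPIFFE ID. The literal
			// texts ("local hostname" in the peer slot) are just labels; what
			// matters is that peer and local are not mixed up on the way out.
			desc: "basic 2",
			sessionResult: &grpcpb.SessionResult{
				ApplicationProtocol: "app protocol",
				State: &grpcpb.SessionState{
					TlsVersion:     commonpb.TLSVersion_TLS1_2,
					TlsCiphersuite: commonpb.Ciphersuite_CHACHA20_POLY1305_SHA256,
				},
				PeerIdentity: &commonpb.Identity{
					IdentityOneof: &commonpb.Identity_Hostname{
						Hostname: "local hostname",
					},
				},
				LocalIdentity: &commonpb.Identity{
					IdentityOneof: &commonpb.Identity_SpiffeId{
						SpiffeId: "peer spiffe identity",
					},
				},
				PeerCertFingerprint:  []byte("peer cert fingerprint"),
				LocalCertFingerprint: []byte("local cert fingerprint"),
			},
			outAppProtocol: "app protocol",
			outTLSVersion:  commonpb.TLSVersion_TLS1_2,
			outCiphersuite: commonpb.Ciphersuite_CHACHA20_POLY1305_SHA256,
			outPeerIdentity: &commonpb.Identity{
				IdentityOneof: &commonpb.Identity_Hostname{
					Hostname: "local hostname",
				},
			},
			outLocalIdentity: &commonpb.Identity{
				IdentityOneof: &commonpb.Identity_SpiffeId{
					SpiffeId: "peer spiffe identity",
				},
			},
			outPeerCertFingerprint:  []byte("peer cert fingerprint"),
			outLocalCertFingerprint: []byte("local cert fingerprint"),
		},
		{
			// A result without identities or fingerprints is still accepted;
			// the corresponding accessors are expected to return empty values.
			desc: "nil identities and fingerprints",
			sessionResult: &grpcpb.SessionResult{
				ApplicationProtocol: "app protocol",
				State: &grpcpb.SessionState{
					TlsVersion:     commonpb.TLSVersion_TLS1_3,
					TlsCiphersuite: commonpb.Ciphersuite_CHACHA20_POLY1305_SHA256,
				},
			},
			outAppProtocol: "app protocol",
			outTLSVersion:  commonpb.TLSVersion_TLS1_3,
			outCiphersuite: commonpb.Ciphersuite_CHACHA20_POLY1305_SHA256,
		},
		{
			// No session result at all must produce an error.
			desc:   "nil session result",
			outErr: true,
		},
	}

	for _, tc := range tests {
		t.Run(tc.desc, func(t *testing.T) {
			authInfo, err := newS2AAuthInfo(tc.sessionResult)
			if (err != nil) != tc.outErr {
				// Name the function actually under test and show the error
				// itself, so a failure is readable without re-running.
				t.Errorf("newS2AAuthInfo(%v) returned err = %v, want error = %v", tc.sessionResult, err, tc.outErr)
			}
			if err != nil {
				// The accessors are only checked on a successfully built value.
				return
			}

			if got, want := authInfo.AuthType(), s2aAuthType; got != want {
				t.Errorf("authInfo.AuthType() = %v, want %v", got, want)
			}
			if got, want := authInfo.ApplicationProtocol(), tc.outAppProtocol; got != want {
				t.Errorf("authInfo.ApplicationProtocol() = %v, want %v", got, want)
			}
			if got, want := authInfo.TLSVersion(), tc.outTLSVersion; got != want {
				t.Errorf("authInfo.TLSVersion() = %v, want %v", got, want)
			}
			if got, want := authInfo.Ciphersuite(), tc.outCiphersuite; got != want {
				t.Errorf("authInfo.Ciphersuite() = %v, want %v", got, want)
			}

			// Identities are compared through their String() form. In the
			// nil-identity case the expected side is a nil *commonpb.Identity,
			// so this depends on String() being callable on a nil message.
			if got, want := authInfo.PeerIdentity().String(), tc.outPeerIdentity.String(); got != want {
				t.Errorf("authInfo.PeerIdentity() = %v, want %v", got, want)
			}
			if got, want := authInfo.LocalIdentity().String(), tc.outLocalIdentity.String(); got != want {
				t.Errorf("authInfo.LocalIdentity() = %v, want %v", got, want)
			}

			// Fingerprints are byte strings; print them as hex on mismatch
			// rather than as a list of decimal byte values.
			if got, want := authInfo.PeerCertFingerprint(), tc.outPeerCertFingerprint; !bytes.Equal(got, want) {
				t.Errorf("authInfo.PeerCertFingerprint() = %x, want %x", got, want)
			}
			if got, want := authInfo.LocalCertFingerprint(), tc.outLocalCertFingerprint; !bytes.Equal(got, want) {
				t.Errorf("authInfo.LocalCertFingerprint() = %x, want %x", got, want)
			}
			if got, want := authInfo.IsHandshakeResumed(), tc.outIsHandshakeResumed; got != want {
				t.Errorf("authInfo.IsHandshakeResumed() = %v, want %v", got, want)
			}

			// Every successful case expects PrivacyAndIntegrity, independent of
			// the TLS version or ciphersuite carried in the session state.
			if got, want := authInfo.SecurityLevel(), credentials.PrivacyAndIntegrity; got != want {
				t.Errorf("authInfo.SecurityLevel() = %v, want %v", got, want)
			}
		})
	}
}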