author | Eric Anderson <ejona@google.com> | 2018-02-01 07:25:10 -0800 |
---|---|---|
committer | Eric Anderson <ejona@google.com> | 2018-02-01 12:30:18 -0800 |
commit | f1bc4493b876365e6652140da9aad1209702d401 (patch) | |
tree | d9e8351019a25509c7763515fa6c5c93b6615fae /netty | |
parent | c56114ff796a106a6704828a509a7cf2896b3d75 (diff) | |
download | grpc-grpc-java-f1bc4493b876365e6652140da9aad1209702d401.tar.gz |
netty: Add test to verify error for TLS failure
This is to notice regressions like in #4016
Diffstat (limited to 'netty')
-rw-r--r-- | netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java | 43 |
1 files changed, 41 insertions, 2 deletions
diff --git a/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java b/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java
index dc4c44e79..cd9845ab5 100644
--- a/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java
@@ -17,6 +17,7 @@
 package io.grpc.netty;
 import static com.google.common.base.Charsets.UTF_8;
+import static com.google.common.truth.Truth.assertThat;
 import static io.grpc.internal.GrpcUtil.DEFAULT_MAX_MESSAGE_SIZE;
 import static io.grpc.internal.GrpcUtil.DEFAULT_SERVER_KEEPALIVE_TIMEOUT_NANOS;
 import static io.grpc.internal.GrpcUtil.DEFAULT_SERVER_KEEPALIVE_TIME_NANOS;
@@ -67,6 +68,7 @@ import io.netty.channel.socket.SocketChannelConfig;
 import io.netty.channel.socket.nio.NioServerSocketChannel;
 import io.netty.channel.socket.nio.NioSocketChannel;
 import io.netty.handler.codec.http2.StreamBufferingEncoder;
+import io.netty.handler.ssl.ClientAuth;
 import io.netty.handler.ssl.SslContext;
 import io.netty.handler.ssl.SupportedCipherSuiteFilter;
 import io.netty.util.AsciiString;
@@ -83,6 +85,7 @@ import java.util.Map;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.TimeoutException;
+import javax.net.ssl.SSLHandshakeException;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
@@ -270,6 +273,42 @@ public class NettyClientTransportTest {
 }
 @Test
+ public void tlsNegotiationFailurePropagatesToStatus() throws Exception {
+ File serverCert = TestUtils.loadCert("server1.pem");
+ File serverKey = TestUtils.loadCert("server1.key");
+ // Don't trust ca.pem, so that client auth fails
+ SslContext sslContext = GrpcSslContexts.forServer(serverCert, serverKey)
+ .ciphers(TestUtils.preferredTestCiphers(), SupportedCipherSuiteFilter.INSTANCE)
+ .clientAuth(ClientAuth.REQUIRE)
+ .build();
+ negotiator = ProtocolNegotiators.serverTls(sslContext);
+ startServer();
+
+ File caCert = TestUtils.loadCert("ca.pem");
+ File clientCert = TestUtils.loadCert("client.pem");
+ File clientKey = TestUtils.loadCert("client.key");
+ SslContext clientContext = GrpcSslContexts.forClient()
+ .trustManager(caCert)
+ .ciphers(TestUtils.preferredTestCiphers(), SupportedCipherSuiteFilter.INSTANCE)
+ .keyManager(clientCert, clientKey)
+ .build();
+ ProtocolNegotiator negotiator = ProtocolNegotiators.tls(clientContext, authority);
+ final NettyClientTransport transport = newTransport(negotiator);
+ callMeMaybe(transport.start(clientTransportListener));
+
+ Rpc rpc = new Rpc(transport).halfClose();
+ try {
+ rpc.waitForClose();
+ fail("expected exception");
+ } catch (ExecutionException ex) {
+ StatusException sre = (StatusException) ex.getCause();
+ assertEquals(Status.Code.UNAVAILABLE, sre.getStatus().getCode());
+ assertThat(sre.getCause()).isInstanceOf(SSLHandshakeException.class);
+ assertThat(sre.getCause().getMessage()).contains("SSLV3_ALERT_HANDSHAKE_FAILURE");
+ }
+ }
+
+ @Test
 public void channelExceptionDuringNegotiatonPropagatesToStatus() throws Exception {
 negotiator = ProtocolNegotiators.serverPlaintext();
 startServer();
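Review bot: The final assertion, `assertThat(sre.getCause().getMessage()).contains("SSLV3_ALERT_HANDSHAKE_FAILURE")`, pins the test to the wording of one TLS engine; the string looks like an OpenSSL/BoringSSL error name, so the test would presumably fail under the JDK provider, or if the peer sent a different alert, even though the handshake was still rejected. The `isInstanceOf(SSLHandshakeException.class)` check on the line above already covers the regression, so I would either drop the message check or annotate it, e.g. `// Alert text comes from the OpenSSL-based engine; other providers word it differently`. Separately, the server context sets `clientAuth(ClientAuth.REQUIRE)` without any `trustManager(...)`, so the rejection seems to depend on the default trust store not containing the test CA; giving the server an explicit trust anchor unrelated to `client.pem` would make the failure deterministic. The local `ProtocolNegotiator negotiator` also shadows the field assigned a few lines earlier in the same method, and a name such as `clientNegotiator` would read more clearly.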
@@ -521,8 +560,8 @@ public class NettyClientTransportTest {
 }
 private ProtocolNegotiator newNegotiator() throws IOException {
- File clientCert = TestUtils.loadCert("ca.pem");
- SslContext clientContext = GrpcSslContexts.forClient().trustManager(clientCert)
+ File caCert = TestUtils.loadCert("ca.pem");
+ SslContext clientContext = GrpcSslContexts.forClient().trustManager(caCert)
 .ciphers(TestUtils.preferredTestCiphers(), SupportedCipherSuiteFilter.INSTANCE).build();
 return ProtocolNegotiators.tls(clientContext, authority);
 } |