From 1165b1e60c7b35e12976fff80e395cc85b94f6ff Mon Sep 17 00:00:00 2001 From: Mahak Mukhi Date: Thu, 27 Oct 2016 16:39:12 -0700 Subject: [PATCH 01/20] Initial commit --- credentials/credentials_test.go | 44 +++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/credentials/credentials_test.go b/credentials/credentials_test.go index caf35b2feca8..dc22d6ace87e 100644 --- a/credentials/credentials_test.go +++ b/credentials/credentials_test.go @@ -35,6 +35,10 @@ package credentials import ( "testing" + "net" + "fmt" + "golang.org/x/net/context" + "crypto/tls" ) func TestTLSOverrideServerName(t *testing.T) { @@ -59,3 +63,43 @@ func TestTLSClone(t *testing.T) { t.Fatalf("Change in clone should not affect the original, c.Info().ServerName = %v, want %v", c.Info().ServerName, expectedServerName) } } + +func TestTLSClientHandshakeReturnsTLSInfo(t *testing.T) { + localPort := ":5050" + lis, err := net.Listen("tcp",localPort) + if err != nil { + t.Fatalf("Failed to start local server. Listener error: %v", err) + } + c := NewTLS(&tls.Config{InsecureSkipVerify: true, + Certificates: []tls.Certificate{ + tls.Certificate{}, + }, + CipherSuites: []uint16{ + tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + }, + PreferServerCipherSuites: true, + MaxVersion: 0, + }) + go func() { + serverRawConn, _ := lis.Accept() + serverConn := tls.Server(serverRawConn, c.(*tlsCreds).config) + serverErr := serverConn.Handshake() + if serverErr != nil { + fmt.Println("error on server", serverErr) + } + }() + defer lis.Close() + conn, err := net.Dial("tcp", localPort) + if err != nil { + t.Fatalf("Failed to connect to local server. Error: %v", err) + } + fmt.Println("conn : ", conn) + _, tlsInfo, err := c.ClientHandshake(context.Background(),localPort,conn) + if err != nil { + t.Fatalf("failed at client handshake. Error: %v", err) + } + if tlsInfo == nil { + t.Fatalf("Failed to recieve auth info from client handshake.") + } +} + 
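Review bot: In the test added by the second hunk, `net.Listen("tcp", localPort)` with `localPort := ":5050"` binds a fixed port on every interface, so the test fails whenever 5050 is already taken and opens a TLS listener beyond loopback while it runs. `net.Listen("tcp", "localhost:0")` combined with dialing `lis.Addr().String()` avoids both problems. The goroutine also discards the error from `lis.Accept()`, so a failed accept hands a nil conn to `tls.Server` and the handshake will most likely panic instead of reporting a test failure. The same `:5050` listener and ignored accept error remain in PATCH 02 and are copied into the test added by PATCH 06.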
From d1b12d34b6e700596599bff9f29439596bf6f4d7 Mon Sep 17 00:00:00 2001 From: Mahak Mukhi Date: Fri, 28 Oct 2016 11:25:52 -0700 Subject: [PATCH 02/20] Initial commit 2 --- credentials/credentials.go | 2 +- credentials/credentials_test.go | 43 +++++++++++++++------------------ 2 files changed, 20 insertions(+), 25 deletions(-) diff --git a/credentials/credentials.go b/credentials/credentials.go index 5555ef024f67..26a74a4bd5ff 100644 --- a/credentials/credentials.go +++ b/credentials/credentials.go @@ -167,7 +167,7 @@ func (c *tlsCreds) ClientHandshake(ctx context.Context, addr string, rawConn net } // TODO(zhaoq): Omit the auth info for client now. It is more for // information than anything else. - return conn, nil, nil + return conn, TLSInfo{conn.ConnectionState()}, nil } func (c *tlsCreds) ServerHandshake(rawConn net.Conn) (net.Conn, AuthInfo, error) { diff --git a/credentials/credentials_test.go b/credentials/credentials_test.go index dc22d6ace87e..56effb8fa9c3 100644 --- a/credentials/credentials_test.go +++ b/credentials/credentials_test.go @@ -34,11 +34,10 @@ package credentials import ( - "testing" - "net" - "fmt" - "golang.org/x/net/context" "crypto/tls" + "golang.org/x/net/context" + "net" + "testing" ) func TestTLSOverrideServerName(t *testing.T) { 
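Review bot: In the credentials.go hunk, the two-line `TODO(zhaoq): Omit the auth info for client now` comment directly above the changed return is left in place and now contradicts the code, which returns `TLSInfo{conn.ConnectionState()}`. It should be replaced by a comment that says what the client-side value means, for example `// The returned TLSInfo describes the negotiated session; its peer certificates are only as trustworthy as the verification the tls.Config performed.` That caveat matters because callers can set `InsecureSkipVerify`, as the tests in this series do, and could otherwise read a non-nil AuthInfo as proof of an authenticated server. ClientHandshake begins above the hunk, so the handshake path itself is not visible here.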
@@ -66,40 +65,36 @@ func TestTLSClone(t *testing.T) { func TestTLSClientHandshakeReturnsTLSInfo(t *testing.T) { localPort := ":5050" - lis, err := net.Listen("tcp",localPort) + tlsDir := "../test/testdata/" + lis, err := net.Listen("tcp", localPort) if err != nil { t.Fatalf("Failed to start local server. Listener error: %v", err) } - c := NewTLS(&tls.Config{InsecureSkipVerify: true, - Certificates: []tls.Certificate{ - tls.Certificate{}, - }, - CipherSuites: []uint16{ - tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - }, - PreferServerCipherSuites: true, - MaxVersion: 0, - }) + serverTLS, err := NewServerTLSFromFile(tlsDir+"server1.pem", tlsDir+"server1.key") + if err != nil { + t.Fatalf("Failed to create server TLS. Error: %v", err) + } + var serverAuthInfo AuthInfo go func() { serverRawConn, _ := lis.Accept() - serverConn := tls.Server(serverRawConn, c.(*tlsCreds).config) + serverConn := tls.Server(serverRawConn, serverTLS.(*tlsCreds).config) serverErr := serverConn.Handshake() if serverErr != nil { - fmt.Println("error on server", serverErr) + t.Fatalf("Error on server while handshake. Error: %v", serverErr) } + serverAuthInfo = TLSInfo{serverConn.ConnectionState()} }() defer lis.Close() conn, err := net.Dial("tcp", localPort) if err != nil { - t.Fatalf("Failed to connect to local server. Error: %v", err) + t.Fatalf("Client failed to connect to local server. Error: %v", err) } - fmt.Println("conn : ", conn) - _, tlsInfo, err := c.ClientHandshake(context.Background(),localPort,conn) + c := NewTLS(&tls.Config{InsecureSkipVerify: true}) + _, authInfo, err := c.ClientHandshake(context.Background(), localPort, conn) if err != nil { - t.Fatalf("failed at client handshake. Error: %v", err) + t.Fatalf("Error on client while handshake. 
Error: %v", err) } - if tlsInfo == nil { - t.Fatalf("Failed to recieve auth info from client handshake.") + if authInfo.AuthType() != serverAuthInfo.AuthType() { + t.Fatalf("c.ClientHandshake(_, %v, _) = %v, want %v.", localPort, authInfo, serverAuthInfo) } } - From 0129b49fd788e77030eedcb9b7e58a55354e4fa6 Mon Sep 17 00:00:00 2001 From: Mahak Mukhi Date: Fri, 28 Oct 2016 15:47:17 -0700 Subject: [PATCH 03/20] minor update --- credentials/credentials_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/credentials/credentials_test.go b/credentials/credentials_test.go index 56effb8fa9c3..ef2f287701be 100644 --- a/credentials/credentials_test.go +++ b/credentials/credentials_test.go @@ -63,7 +63,7 @@ func TestTLSClone(t *testing.T) { } } -func TestTLSClientHandshakeReturnsTLSInfo(t *testing.T) { +func TestTLSClientHandshakeReturnsAuthInfo(t *testing.T) { localPort := ":5050" tlsDir := "../test/testdata/" lis, err := net.Listen("tcp", localPort) From c62cf7b8f8090938e4355edff8ea4e016472b0b2 Mon Sep 17 00:00:00 2001 From: Mahak Mukhi Date: Fri, 28 Oct 2016 16:03:20 -0700 Subject: [PATCH 04/20] goimport update --- credentials/credentials_test.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/credentials/credentials_test.go b/credentials/credentials_test.go index ef2f287701be..025857e7a202 100644 --- a/credentials/credentials_test.go +++ b/credentials/credentials_test.go @@ -35,9 +35,10 @@ package credentials import ( "crypto/tls" - "golang.org/x/net/context" "net" "testing" + + "golang.org/x/net/context" ) func TestTLSOverrideServerName(t *testing.T) { From 5b3192cebe26548efe9f1be936842104d52ad911 Mon Sep 17 00:00:00 2001 From: Mahak Mukhi Date: Fri, 28 Oct 2016 16:42:33 -0700 Subject: [PATCH 05/20] resolved race condition --- credentials/credentials_test.go | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/credentials/credentials_test.go b/credentials/credentials_test.go index 025857e7a202..3091255cb742 100644 
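Review bot: In the PATCH 02 test hunk that ends at the top of this line, the server goroutine now calls `t.Fatalf` on a handshake error, but FailNow-style calls are only valid from the goroutine running the test and stop only the goroutine they run in; use `t.Errorf(...)` followed by `return` there. The goroutine also assigns `serverAuthInfo` while the test goroutine reads it for the final comparison with nothing ordering the two, so the check can see a nil interface and panic on `serverAuthInfo.AuthType()`. In addition, comparing `authInfo.AuthType()` with `serverAuthInfo.AuthType()` looks like a comparison of two constant strings (TLSInfo's method is not shown here), which would let the assertion pass regardless of what the handshake negotiated; comparing fields of `State` would pin the behaviour. The `t.Fatalf`-in-goroutine pattern recurs in the test hunks of PATCH 06 and PATCH 07.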
--- a/credentials/credentials_test.go +++ b/credentials/credentials_test.go @@ -76,7 +76,11 @@ func TestTLSClientHandshakeReturnsAuthInfo(t *testing.T) { t.Fatalf("Failed to create server TLS. Error: %v", err) } var serverAuthInfo AuthInfo + done := make(chan bool) go func() { + defer func() { + done <- true + }() serverRawConn, _ := lis.Accept() serverConn := tls.Server(serverRawConn, serverTLS.(*tlsCreds).config) serverErr := serverConn.Handshake() @@ -95,6 +99,10 @@ func TestTLSClientHandshakeReturnsAuthInfo(t *testing.T) { if err != nil { t.Fatalf("Error on client while handshake. Error: %v", err) } + select { + case <-done: + // wait until server has populated the serverAuthInfo struct. + } if authInfo.AuthType() != serverAuthInfo.AuthType() { t.Fatalf("c.ClientHandshake(_, %v, _) = %v, want %v.", localPort, authInfo, serverAuthInfo) } From ff332b637b6d29901eca643beb070cad31bddc40 Mon Sep 17 00:00:00 2001 From: Mahak Mukhi Date: Fri, 28 Oct 2016 17:11:25 -0700 Subject: [PATCH 06/20] added test for TLSInfo on server side --- credentials/credentials_test.go | 46 +++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/credentials/credentials_test.go b/credentials/credentials_test.go index 3091255cb742..7ebde076a01a 100644 --- a/credentials/credentials_test.go +++ b/credentials/credentials_test.go 
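Review bot: `done := make(chan bool)` in the first hunk is unbuffered, so the deferred `done <- true` blocks the server goroutine forever whenever the test goroutine exits early through one of the client-side `t.Fatalf` calls before it reaches the receive; `done := make(chan bool, 1)` lets the goroutine finish in that case. In the second hunk, a `select` with the single `case <-done:` behaves exactly like a plain `<-done`, which reads more directly with the comment placed above it. The unbuffered channel is copied into the test added by PATCH 06 and kept as `errChan := make(chan error)` in PATCH 08. The test function extends beyond both hunks.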
@@ -107,3 +107,49 @@ func TestTLSClientHandshakeReturnsAuthInfo(t *testing.T) { t.Fatalf("c.ClientHandshake(_, %v, _) = %v, want %v.", localPort, authInfo, serverAuthInfo) } } + +func TestTLSServerHandshakeReturnsAuthInfo(t *testing.T) { + localPort := ":5050" + tlsDir := "../test/testdata/" + lis, err := net.Listen("tcp", localPort) + if err != nil { + t.Fatalf("Failed to start local server. Listener error: %v", err) + } + serverTLS, err := NewServerTLSFromFile(tlsDir+"server1.pem", tlsDir+"server1.key") + if err != nil { + t.Fatalf("Failed to create server TLS. Error: %v", err) + } + var serverAuthInfo AuthInfo + done := make(chan bool) + go func() { + defer func() { + done <- true + }() + serverRawConn, _ := lis.Accept() + var serverErr error + _, serverAuthInfo, serverErr = serverTLS.ServerHandshake(serverRawConn) + if serverErr != nil { + t.Fatalf("Error on server while handshake. Error: %v", serverErr) + } + }() + defer lis.Close() + conn, err := net.Dial("tcp", localPort) + if err != nil { + t.Fatalf("Client failed to connect to local server. Error: %v", err) + } + c := NewTLS(&tls.Config{InsecureSkipVerify: true}) + clientConn := tls.Client(conn, c.(*tlsCreds).config) + err = clientConn.Handshake() + if err != nil { + t.Fatalf("Error on client while handshake. Error: %v", err) + } + authInfo := TLSInfo{clientConn.ConnectionState()} + select { + case <-done: + // wait until server has populated the serverAuthInfo struct. + } + if authInfo.AuthType() != serverAuthInfo.AuthType() { + t.Fatalf("ServerHandshake(_) = %v, want %v.", serverAuthInfo, authInfo) + } + +} From 915cb50e3c69073d2046d07e741aaff4b1c22779 Mon Sep 17 00:00:00 2001 From: Mahak Mukhi Date: Sun, 30 Oct 2016 11:23:17 -0700 Subject: [PATCH 07/20] Post review updates --- credentials/credentials.go | 2 -- credentials/credentials_test.go | 56 +++++++++++++++++---------------- 2 files changed, 29 insertions(+), 29 deletions(-) 
diff --git a/credentials/credentials.go b/credentials/credentials.go index 26a74a4bd5ff..4d45c3e3c7f2 100644 --- a/credentials/credentials.go +++ b/credentials/credentials.go @@ -165,8 +165,6 @@ func (c *tlsCreds) ClientHandshake(ctx context.Context, addr string, rawConn net case <-ctx.Done(): return nil, nil, ctx.Err() } - // TODO(zhaoq): Omit the auth info for client now. It is more for - // information than anything else. return conn, TLSInfo{conn.ConnectionState()}, nil } diff --git a/credentials/credentials_test.go b/credentials/credentials_test.go index 7ebde076a01a..a27ab480c750 100644 --- a/credentials/credentials_test.go +++ b/credentials/credentials_test.go @@ -64,24 +64,28 @@ func TestTLSClone(t *testing.T) { } } +const tlsDir = "../test/testdata/" + func TestTLSClientHandshakeReturnsAuthInfo(t *testing.T) { - localPort := ":5050" - tlsDir := "../test/testdata/" - lis, err := net.Listen("tcp", localPort) + lis, err := net.Listen("tcp", "localhost:0") if err != nil { - t.Fatalf("Failed to start local server. Listener error: %v", err) + t.Fatalf("Failed to listen: %v", err) } + defer lis.Close() serverTLS, err := NewServerTLSFromFile(tlsDir+"server1.pem", tlsDir+"server1.key") if err != nil { t.Fatalf("Failed to create server TLS. Error: %v", err) } - var serverAuthInfo AuthInfo + var serverAuthInfo TLSInfo done := make(chan bool) go func() { defer func() { done <- true }() - serverRawConn, _ := lis.Accept() + serverRawConn, err := lis.Accept() + if err != nil { + t.Fatalf("Server failed to accept connection: %v", err) + } serverConn := tls.Server(serverRawConn, serverTLS.(*tlsCreds).config) serverErr := serverConn.Handshake() if serverErr != nil { 
@@ -89,32 +93,29 @@ func TestTLSClientHandshakeReturnsAuthInfo(t *testing.T) { } serverAuthInfo = TLSInfo{serverConn.ConnectionState()} }() - defer lis.Close() - conn, err := net.Dial("tcp", localPort) + conn, err := net.Dial("tcp", lis.Addr().String()) if err != nil { t.Fatalf("Client failed to connect to local server. Error: %v", err) } + defer conn.Close() c := NewTLS(&tls.Config{InsecureSkipVerify: true}) - _, authInfo, err := c.ClientHandshake(context.Background(), localPort, conn) + _, authInfo, err := c.ClientHandshake(context.Background(), lis.Addr().String(), conn) if err != nil { t.Fatalf("Error on client while handshake. Error: %v", err) } - select { - case <-done: - // wait until server has populated the serverAuthInfo struct. - } - if authInfo.AuthType() != serverAuthInfo.AuthType() { - t.Fatalf("c.ClientHandshake(_, %v, _) = %v, want %v.", localPort, authInfo, serverAuthInfo) + // wait until server has populated the serverAuthInfo struct. + <-done + if authInfo.(TLSInfo).State.Version != serverAuthInfo.State.Version { + t.Fatalf("c.ClientHandshake(_, %v, _) = %v, want %v.", lis.Addr().String(), authInfo, serverAuthInfo) } } func TestTLSServerHandshakeReturnsAuthInfo(t *testing.T) { - localPort := ":5050" - tlsDir := "../test/testdata/" - lis, err := net.Listen("tcp", localPort) + lis, err := net.Listen("tcp", "localhost:0") if err != nil { - t.Fatalf("Failed to start local server. Listener error: %v", err) + t.Fatalf("Failed to listen: %v", err) } + defer lis.Close() serverTLS, err := NewServerTLSFromFile(tlsDir+"server1.pem", tlsDir+"server1.key") if err != nil { t.Fatalf("Failed to create server TLS. Error: %v", err) 
@@ -125,18 +126,21 @@ func TestTLSServerHandshakeReturnsAuthInfo(t *testing.T) { defer func() { done <- true }() - serverRawConn, _ := lis.Accept() + serverRawConn, err := lis.Accept() + if err != nil { + t.Fatalf("Server failed to accept connection: %v", err) + } var serverErr error _, serverAuthInfo, serverErr = serverTLS.ServerHandshake(serverRawConn) if serverErr != nil { t.Fatalf("Error on server while handshake. Error: %v", serverErr) } }() - defer lis.Close() - conn, err := net.Dial("tcp", localPort) + conn, err := net.Dial("tcp", lis.Addr().String()) if err != nil { t.Fatalf("Client failed to connect to local server. Error: %v", err) } + defer conn.Close() c := NewTLS(&tls.Config{InsecureSkipVerify: true}) clientConn := tls.Client(conn, c.(*tlsCreds).config) err = clientConn.Handshake() @@ -144,11 +148,9 @@ func TestTLSServerHandshakeReturnsAuthInfo(t *testing.T) { t.Fatalf("Error on client while handshake. Error: %v", err) } authInfo := TLSInfo{clientConn.ConnectionState()} - select { - case <-done: - // wait until server has populated the serverAuthInfo struct. - } - if authInfo.AuthType() != serverAuthInfo.AuthType() { + // wait until server has populated the serverAuthInfo struct. + <-done + if authInfo.State.Version != serverAuthInfo.(TLSInfo).State.Version { t.Fatalf("ServerHandshake(_) = %v, want %v.", serverAuthInfo, authInfo) } From 6c58b32e04e6081f503a513b9cbddf61474ce2a8 Mon Sep 17 00:00:00 2001 From: Mahak Mukhi Date: Mon, 31 Oct 2016 14:15:17 -0700 Subject: [PATCH 08/20] port review changes debug debug --- credentials/credentials_test.go | 51 +++++++++++++++++++-------------- 1 file changed, 30 insertions(+), 21 deletions(-) diff --git a/credentials/credentials_test.go b/credentials/credentials_test.go index a27ab480c750..f4e6dc068f68 100644 --- a/credentials/credentials_test.go +++ b/credentials/credentials_test.go 
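Review bot: In the second hunk on this line, `serverAuthInfo.(TLSInfo).State.Version` is an unchecked type assertion on a variable that is still a nil AuthInfo whenever the server goroutine bailed out before assigning it, because the deferred `done <- true` fires on the failure paths as well. In that case the test panics instead of failing with a message. A comma-ok form such as `sInfo, ok := serverAuthInfo.(TLSInfo)` followed by `if !ok { t.Fatalf("ServerHandshake returned AuthInfo of type %T, want TLSInfo", serverAuthInfo) }` keeps the failure readable. The `authInfo.(TLSInfo)` assertion added to the client test in the preceding hunk has the same shape, although there the value comes from a call whose error was already checked.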
@@ -77,25 +77,28 @@ func TestTLSClientHandshakeReturnsAuthInfo(t *testing.T) { t.Fatalf("Failed to create server TLS. Error: %v", err) } var serverAuthInfo TLSInfo - done := make(chan bool) + errChan := make(chan error) go func() { + var sErr error defer func() { - done <- true + errChan <- sErr }() - serverRawConn, err := lis.Accept() - if err != nil { - t.Fatalf("Server failed to accept connection: %v", err) + serverRawConn, sErr := lis.Accept() + if sErr != nil { + t.Errorf("Server failed to accept connection: %v", sErr) + return } serverConn := tls.Server(serverRawConn, serverTLS.(*tlsCreds).config) - serverErr := serverConn.Handshake() - if serverErr != nil { - t.Fatalf("Error on server while handshake. Error: %v", serverErr) + sErr = serverConn.Handshake() + if sErr != nil { + t.Errorf("Error on server while handshake. Error: %v", sErr) + return } serverAuthInfo = TLSInfo{serverConn.ConnectionState()} }() conn, err := net.Dial("tcp", lis.Addr().String()) if err != nil { - t.Fatalf("Client failed to connect to local server. Error: %v", err) + t.Fatalf("Client failed to connect to %v. Error: %v", lis.Addr().String(), err) } defer conn.Close() c := NewTLS(&tls.Config{InsecureSkipVerify: true}) @@ -104,7 +107,9 @@ func TestTLSClientHandshakeReturnsAuthInfo(t *testing.T) { t.Fatalf("Error on client while handshake. Error: %v", err) } // wait until server has populated the serverAuthInfo struct. - <-done + if err = <-errChan; err != nil { + return + } if authInfo.(TLSInfo).State.Version != serverAuthInfo.State.Version { t.Fatalf("c.ClientHandshake(_, %v, _) = %v, want %v.", lis.Addr().String(), authInfo, serverAuthInfo) } 
@@ -121,24 +126,26 @@ func TestTLSServerHandshakeReturnsAuthInfo(t *testing.T) { t.Fatalf("Failed to create server TLS. Error: %v", err) } var serverAuthInfo AuthInfo - done := make(chan bool) + errChan := make(chan error) go func() { + var sErr error defer func() { - done <- true + errChan <- sErr }() - serverRawConn, err := lis.Accept() - if err != nil { - t.Fatalf("Server failed to accept connection: %v", err) + serverRawConn, sErr := lis.Accept() + if sErr != nil { + t.Errorf("Server failed to accept connection: %v", sErr) + return } - var serverErr error - _, serverAuthInfo, serverErr = serverTLS.ServerHandshake(serverRawConn) - if serverErr != nil { - t.Fatalf("Error on server while handshake. Error: %v", serverErr) + _, serverAuthInfo, sErr = serverTLS.ServerHandshake(serverRawConn) + if sErr != nil { + t.Errorf("Error on server while handshake. Error: %v", sErr) + return } }() conn, err := net.Dial("tcp", lis.Addr().String()) if err != nil { - t.Fatalf("Client failed to connect to local server. Error: %v", err) + t.Fatalf("Client failed to connect to %v. Error: %v", lis.Addr().String(), err) } defer conn.Close() c := NewTLS(&tls.Config{InsecureSkipVerify: true}) @@ -149,7 +156,9 @@ func TestTLSServerHandshakeReturnsAuthInfo(t *testing.T) { } authInfo := TLSInfo{clientConn.ConnectionState()} // wait until server has populated the serverAuthInfo struct. - <-done + if err = <-errChan; err != nil { + return + } if authInfo.State.Version != serverAuthInfo.(TLSInfo).State.Version { t.Fatalf("ServerHandshake(_) = %v, want %v.", serverAuthInfo, authInfo) } From 9d3e99770be4921f060779adf0af7c524f7165a0 Mon Sep 17 00:00:00 2001 From: Mahak Mukhi Date: Tue, 1 Nov 2016 13:31:38 -0700 Subject: [PATCH 09/20] refactoring and added third function --- credentials/credentials_test.go | 210 +++++++++++++++++++++----------- 1 file changed, 139 insertions(+), 71 deletions(-) 
diff --git a/credentials/credentials_test.go b/credentials/credentials_test.go index f4e6dc068f68..2adb1ec41bc0 100644 --- a/credentials/credentials_test.go +++ b/credentials/credentials_test.go 
@@ -62,105 +62,173 @@ func TestTLSClone(t *testing.T) { if c.Info().ServerName != expectedServerName { t.Fatalf("Change in clone should not affect the original, c.Info().ServerName = %v, want %v", c.Info().ServerName, expectedServerName) } + } const tlsDir = "../test/testdata/" -func TestTLSClientHandshakeReturnsAuthInfo(t *testing.T) { - lis, err := net.Listen("tcp", "localhost:0") +type serverHandshake func(net.Conn, *tls.ConnectionState) error + +func TestClientHandshakeReturnsAuthInfo(t *testing.T) { + var serverConnState tls.ConnectionState + errChan := make(chan error, 1) + lisAddr, err := launchServer(t, &serverConnState, tlsServerHandshake, errChan) if err != nil { - t.Fatalf("Failed to listen: %v", err) + return } - defer lis.Close() - serverTLS, err := NewServerTLSFromFile(tlsDir+"server1.pem", tlsDir+"server1.key") + clientConnState, err := clientHandle(t, gRPCClientHandshake, lisAddr) if err != nil { - t.Fatalf("Failed to create server TLS. Error: %v", err) - } - var serverAuthInfo TLSInfo - errChan := make(chan error) - go func() { - var sErr error - defer func() { - errChan <- sErr - }() - serverRawConn, sErr := lis.Accept() - if sErr != nil { - t.Errorf("Server failed to accept connection: %v", sErr) - return - } - serverConn := tls.Server(serverRawConn, serverTLS.(*tlsCreds).config) - sErr = serverConn.Handshake() - if sErr != nil { - t.Errorf("Error on server while handshake. Error: %v", sErr) - return - } - serverAuthInfo = TLSInfo{serverConn.ConnectionState()} - }() - conn, err := net.Dial("tcp", lis.Addr().String()) + return + } + // wait until server has populated the serverAuthInfo struct or failed. 
+ if err = <-errChan; err != nil { + return + } + if !isEqualState(clientConnState, serverConnState) { + t.Fatalf("c.ClientHandshake(_, %v, _) = %v, want %v.", lisAddr, clientConnState, serverConnState) + } +} + +func TestServerHandshakeReturnsAuthInfo(t *testing.T) { + var serverConnState tls.ConnectionState + errChan := make(chan error, 1) + lisAddr, err := launchServer(t, &serverConnState, gRPCServerHandshake, errChan) if err != nil { - t.Fatalf("Client failed to connect to %v. Error: %v", lis.Addr().String(), err) + return } - defer conn.Close() - c := NewTLS(&tls.Config{InsecureSkipVerify: true}) - _, authInfo, err := c.ClientHandshake(context.Background(), lis.Addr().String(), conn) + clientConnState, err := clientHandle(t, tlsClientHandshake, lisAddr) if err != nil { - t.Fatalf("Error on client while handshake. Error: %v", err) + return + } + // wait until server has populated the serverAuthInfo struct or failed. + if err = <-errChan; err != nil { + return + } + if !isEqualState(clientConnState, serverConnState) { + t.Fatalf("ServerHandshake(_) = %v, want %v.", serverConnState, clientConnState) + } +} + +func TestServerAndClientHandshake(t *testing.T) { + var serverConnState tls.ConnectionState + errChan := make(chan error, 1) + lisAddr, err := launchServer(t, &serverConnState, gRPCServerHandshake, errChan) + if err != nil { + return + } + clientConnState, err := clientHandle(t, gRPCClientHandshake, lisAddr) + if err != nil { + return } - // wait until server has populated the serverAuthInfo struct. + // wait until server has populated the serverAuthInfo struct or failed. 
if err = <-errChan; err != nil { return } - if authInfo.(TLSInfo).State.Version != serverAuthInfo.State.Version { - t.Fatalf("c.ClientHandshake(_, %v, _) = %v, want %v.", lis.Addr().String(), authInfo, serverAuthInfo) + if !isEqualState(clientConnState, serverConnState) { + t.Fatalf("Connection states returened by server: %v and client: %v aren't same", serverConnState, clientConnState) + } +} + +func isEqualState(state1, state2 tls.ConnectionState) bool { + if state1.Version == state2.Version && + state1.HandshakeComplete == state2.HandshakeComplete && + state1.CipherSuite == state2.CipherSuite && + state1.NegotiatedProtocol == state2.NegotiatedProtocol { + return true } + return false } -func TestTLSServerHandshakeReturnsAuthInfo(t *testing.T) { +func launchServer(t *testing.T, serverConnState *tls.ConnectionState, hs serverHandshake, errChan chan error) (string, error) { lis, err := net.Listen("tcp", "localhost:0") if err != nil { - t.Fatalf("Failed to listen: %v", err) + t.Errorf("Failed to listen: %v", err) + return "", err } + go serverHandle(t, hs, serverConnState, errChan, lis) + return lis.Addr().String(), nil +} + +// Is run in a seperate go routine. +func serverHandle(t *testing.T, hs func(net.Conn, *tls.ConnectionState) error, serverConnState *tls.ConnectionState, errChan chan error, lis net.Listener) { defer lis.Close() - serverTLS, err := NewServerTLSFromFile(tlsDir+"server1.pem", tlsDir+"server1.key") - if err != nil { - t.Fatalf("Failed to create server TLS. Error: %v", err) - } - var serverAuthInfo AuthInfo - errChan := make(chan error) - go func() { - var sErr error - defer func() { - errChan <- sErr - }() - serverRawConn, sErr := lis.Accept() - if sErr != nil { - t.Errorf("Server failed to accept connection: %v", sErr) - return - } - _, serverAuthInfo, sErr = serverTLS.ServerHandshake(serverRawConn) - if sErr != nil { - t.Errorf("Error on server while handshake. 
Error: %v", sErr) - return - } + var err error + defer func() { + errChan <- err }() - conn, err := net.Dial("tcp", lis.Addr().String()) + serverRawConn, err := lis.Accept() + if err != nil { + t.Errorf("Server failed to accept connection: %v", err) + return + } + err = hs(serverRawConn, serverConnState) + if err != nil { + t.Errorf("Error at server-side while handshake. Error: %v", err) + return + } +} + +func clientHandle(t *testing.T, hs func(net.Conn, string) (tls.ConnectionState, error), lisAddr string) (tls.ConnectionState, error) { + conn, err := net.Dial("tcp", lisAddr) if err != nil { - t.Fatalf("Client failed to connect to %v. Error: %v", lis.Addr().String(), err) + t.Errorf("Client failed to connect to %s. Error: %v", lisAddr, err) + return tls.ConnectionState{}, err } defer conn.Close() - c := NewTLS(&tls.Config{InsecureSkipVerify: true}) - clientConn := tls.Client(conn, c.(*tlsCreds).config) - err = clientConn.Handshake() + clientConnState, err := hs(conn, lisAddr) if err != nil { - t.Fatalf("Error on client while handshake. Error: %v", err) + t.Errorf("Error on client while handshake. Error: %v", err) } - authInfo := TLSInfo{clientConn.ConnectionState()} - // wait until server has populated the serverAuthInfo struct. - if err = <-errChan; err != nil { - return + return clientConnState, err +} + +// Server handshake implementation using gRPC. +func gRPCServerHandshake(conn net.Conn, serverConnState *tls.ConnectionState) error { + serverTLS, err := NewServerTLSFromFile(tlsDir+"server1.pem", tlsDir+"server1.key") + if err != nil { + return err + } + _, serverAuthInfo, err := serverTLS.ServerHandshake(conn) + if err != nil { + return err + } + *serverConnState = serverAuthInfo.(TLSInfo).State + return nil +} + +// Client handshake implementation using gRPC. 
+func gRPCClientHandshake(conn net.Conn, lisAddr string) (tls.ConnectionState, error) { + clientTLS := NewTLS(&tls.Config{InsecureSkipVerify: true}) + _, authInfo, err := clientTLS.ClientHandshake(context.Background(), lisAddr, conn) + if err != nil { + return tls.ConnectionState{}, err } - if authInfo.State.Version != serverAuthInfo.(TLSInfo).State.Version { - t.Fatalf("ServerHandshake(_) = %v, want %v.", serverAuthInfo, authInfo) + return authInfo.(TLSInfo).State, nil +} + +// Server handshake implementation using tls. +func tlsServerHandshake(conn net.Conn, serverConnState *tls.ConnectionState) error { + cert, err := tls.LoadX509KeyPair(tlsDir+"server1.pem", tlsDir+"server1.key") + if err != nil { + return err + } + serverTLSConfig := &tls.Config{Certificates: []tls.Certificate{cert}} + serverConn := tls.Server(conn, serverTLSConfig) + err = serverConn.Handshake() + if err != nil { + return err } + *serverConnState = serverConn.ConnectionState() + return nil +} +// Client handskae implementation using tls. +func tlsClientHandshake(conn net.Conn, _ string) (tls.ConnectionState, error) { + clientTLSConfig := &tls.Config{InsecureSkipVerify: true} + clientConn := tls.Client(conn, clientTLSConfig) + err := clientConn.Handshake() + if err != nil { + return tls.ConnectionState{}, err + } + return clientConn.ConnectionState(), nil } From c98074009a1d3d911729cdd3f20c4fb505c61c15 Mon Sep 17 00:00:00 2001 From: Mahak Mukhi Date: Fri, 11 Nov 2016 15:30:36 -0800 Subject: [PATCH 10/20] post review changes --- credentials/credentials_test.go | 70 +++++++++++---------------------- 1 file changed, 24 insertions(+), 46 deletions(-) diff --git a/credentials/credentials_test.go b/credentials/credentials_test.go index 2adb1ec41bc0..15a117809139 100644 --- a/credentials/credentials_test.go +++ b/credentials/credentials_test.go 
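Review bot: Both client helpers added by the PATCH 09 hunk, `gRPCClientHandshake` and `tlsClientHandshake`, build their config with `InsecureSkipVerify: true`, so none of the three tests exercises certificate or host-name verification and a regression in how ClientHandshake applies the config's verification settings would go unnoticed. Consider one more case whose client config sets `RootCAs` to a pool holding the test CA and `ServerName` to the name in server1.pem (neither value is visible in this patch), asserting that the handshake succeeds and that it fails for a wrong name. Separately, `serverHandle` never closes the connection returned by `lis.Accept()`, and `isEqualState` could return the `&&` expression directly instead of branching to `true` and `false`.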
@@ -71,17 +71,11 @@ type serverHandshake func(net.Conn, *tls.ConnectionState) error func TestClientHandshakeReturnsAuthInfo(t *testing.T) { var serverConnState tls.ConnectionState - errChan := make(chan error, 1) - lisAddr, err := launchServer(t, &serverConnState, tlsServerHandshake, errChan) - if err != nil { - return - } - clientConnState, err := clientHandle(t, gRPCClientHandshake, lisAddr) - if err != nil { - return - } + done := make(chan error, 1) + lisAddr := launchServer(t, &serverConnState, tlsServerHandshake, done) + clientConnState := clientHandle(t, gRPCClientHandshake, lisAddr) // wait until server has populated the serverAuthInfo struct or failed. - if err = <-errChan; err != nil { + if err := <-done; err != nil { return } if !isEqualState(clientConnState, serverConnState) { @@ -91,17 +85,11 @@ func TestClientHandshakeReturnsAuthInfo(t *testing.T) { func TestServerHandshakeReturnsAuthInfo(t *testing.T) { var serverConnState tls.ConnectionState - errChan := make(chan error, 1) - lisAddr, err := launchServer(t, &serverConnState, gRPCServerHandshake, errChan) - if err != nil { - return - } - clientConnState, err := clientHandle(t, tlsClientHandshake, lisAddr) - if err != nil { - return - } + done := make(chan error, 1) + lisAddr := launchServer(t, &serverConnState, gRPCServerHandshake, done) + clientConnState := clientHandle(t, tlsClientHandshake, lisAddr) // wait until server has populated the serverAuthInfo struct or failed. - if err = <-errChan; err != nil { + if err := <-done; err != nil { return } if !isEqualState(clientConnState, serverConnState) { 
@@ -111,17 +99,11 @@ func TestServerHandshakeReturnsAuthInfo(t *testing.T) { func TestServerAndClientHandshake(t *testing.T) { var serverConnState tls.ConnectionState - errChan := make(chan error, 1) - lisAddr, err := launchServer(t, &serverConnState, gRPCServerHandshake, errChan) - if err != nil { - return - } - clientConnState, err := clientHandle(t, gRPCClientHandshake, lisAddr) - if err != nil { - return - } + done := make(chan error, 1) + lisAddr := launchServer(t, &serverConnState, gRPCServerHandshake, done) + clientConnState := clientHandle(t, gRPCClientHandshake, lisAddr) // wait until server has populated the serverAuthInfo struct or failed. - if err = <-errChan; err != nil { + if err := <-done; err != nil { return } if !isEqualState(clientConnState, serverConnState) { @@ -139,22 +121,21 @@ func isEqualState(state1, state2 tls.ConnectionState) bool { return false } -func launchServer(t *testing.T, serverConnState *tls.ConnectionState, hs serverHandshake, errChan chan error) (string, error) { +func launchServer(t *testing.T, serverConnState *tls.ConnectionState, hs serverHandshake, done chan error) string { lis, err := net.Listen("tcp", "localhost:0") if err != nil { - t.Errorf("Failed to listen: %v", err) - return "", err + t.Fatalf("Failed to listen: %v", err) } - go serverHandle(t, hs, serverConnState, errChan, lis) - return lis.Addr().String(), nil + go serverHandle(t, hs, serverConnState, done, lis) + return lis.Addr().String() } // Is run in a seperate go routine. -func serverHandle(t *testing.T, hs func(net.Conn, *tls.ConnectionState) error, serverConnState *tls.ConnectionState, errChan chan error, lis net.Listener) { +func serverHandle(t *testing.T, hs func(net.Conn, *tls.ConnectionState) error, serverConnState *tls.ConnectionState, done chan error, lis net.Listener) { defer lis.Close() var err error defer func() { - errChan <- err + done <- err }() serverRawConn, err := lis.Accept() if err != nil { 
@@ -168,21 +149,20 @@ func serverHandle(t *testing.T, hs func(net.Conn, *tls.ConnectionState) error, s } } -func clientHandle(t *testing.T, hs func(net.Conn, string) (tls.ConnectionState, error), lisAddr string) (tls.ConnectionState, error) { +func clientHandle(t *testing.T, hs func(net.Conn, string) (tls.ConnectionState, error), lisAddr string) tls.ConnectionState { conn, err := net.Dial("tcp", lisAddr) if err != nil { - t.Errorf("Client failed to connect to %s. Error: %v", lisAddr, err) - return tls.ConnectionState{}, err + t.Fatalf("Client failed to connect to %s. Error: %v", lisAddr, err) } defer conn.Close() clientConnState, err := hs(conn, lisAddr) if err != nil { - t.Errorf("Error on client while handshake. Error: %v", err) + t.Fatalf("Error on client while handshake. Error: %v", err) } - return clientConnState, err + return clientConnState } -// Server handshake implementation using gRPC. +// Server handshake implementation in gRPC. func gRPCServerHandshake(conn net.Conn, serverConnState *tls.ConnectionState) error { serverTLS, err := NewServerTLSFromFile(tlsDir+"server1.pem", tlsDir+"server1.key") if err != nil { @@ -196,7 +176,7 @@ func gRPCServerHandshake(conn net.Conn, serverConnState *tls.ConnectionState) er return nil } -// Client handshake implementation using gRPC. +// Client handshake implementation in gRPC. func gRPCClientHandshake(conn net.Conn, lisAddr string) (tls.ConnectionState, error) { clientTLS := NewTLS(&tls.Config{InsecureSkipVerify: true}) _, authInfo, err := clientTLS.ClientHandshake(context.Background(), lisAddr, conn) @@ -206,7 +186,6 @@ func gRPCClientHandshake(conn net.Conn, lisAddr string) (tls.ConnectionState, er return authInfo.(TLSInfo).State, nil } -// Server handshake implementation using tls. func tlsServerHandshake(conn net.Conn, serverConnState *tls.ConnectionState) error { cert, err := tls.LoadX509KeyPair(tlsDir+"server1.pem", tlsDir+"server1.key") if err != nil { 
@@ -222,7 +201,6 @@ func tlsServerHandshake(conn net.Conn, serverConnState *tls.ConnectionState) err return nil } -// Client handskae implementation using tls. func tlsClientHandshake(conn net.Conn, _ string) (tls.ConnectionState, error) { clientTLSConfig := &tls.Config{InsecureSkipVerify: true} clientConn := tls.Client(conn, clientTLSConfig) From 6fdee0145b5a09e8c69d86a10eb1c9836777814a Mon Sep 17 00:00:00 2001 From: Mahak Mukhi Date: Tue, 15 Nov 2016 18:18:09 -0800 Subject: [PATCH 11/20] post review changes --- credentials/credentials_test.go | 66 ++++++++++++++++----------------- 1 file changed, 33 insertions(+), 33 deletions(-) diff --git a/credentials/credentials_test.go b/credentials/credentials_test.go index 15a117809139..4dc770d74e8d 100644 --- a/credentials/credentials_test.go +++ b/credentials/credentials_test.go @@ -67,15 +67,15 @@ func TestTLSClone(t *testing.T) { const tlsDir = "../test/testdata/" -type serverHandshake func(net.Conn, *tls.ConnectionState) error +type serverHandshake func(net.Conn) (tls.ConnectionState, error) func TestClientHandshakeReturnsAuthInfo(t *testing.T) { - var serverConnState tls.ConnectionState - done := make(chan error, 1) - lisAddr := launchServer(t, &serverConnState, tlsServerHandshake, done) + done := make(chan tls.ConnectionState, 1) + lisAddr := launchServer(t, tlsServerHandshake, done) clientConnState := clientHandle(t, gRPCClientHandshake, lisAddr) - // wait until server has populated the serverAuthInfo struct or failed. - if err := <-done; err != nil { + // wait until server sends serverConnState or fails. + serverConnState := <-done + if isEqualState(serverConnState, tls.ConnectionState{}) { return } if !isEqualState(clientConnState, serverConnState) { 
@@ -84,12 +84,12 @@ func TestClientHandshakeReturnsAuthInfo(t *testing.T) { } func TestServerHandshakeReturnsAuthInfo(t *testing.T) { - var serverConnState tls.ConnectionState - done := make(chan error, 1) - lisAddr := launchServer(t, &serverConnState, gRPCServerHandshake, done) + done := make(chan tls.ConnectionState, 1) + lisAddr := launchServer(t, gRPCServerHandshake, done) clientConnState := clientHandle(t, tlsClientHandshake, lisAddr) - // wait until server has populated the serverAuthInfo struct or failed. - if err := <-done; err != nil { + // wait until server sends serverConnState or fails. + serverConnState := <-done + if isEqualState(serverConnState, tls.ConnectionState{}) { return } if !isEqualState(clientConnState, serverConnState) { @@ -98,12 +98,12 @@ func TestServerHandshakeReturnsAuthInfo(t *testing.T) { } func TestServerAndClientHandshake(t *testing.T) { - var serverConnState tls.ConnectionState - done := make(chan error, 1) - lisAddr := launchServer(t, &serverConnState, gRPCServerHandshake, done) + done := make(chan tls.ConnectionState, 1) + lisAddr := launchServer(t, gRPCServerHandshake, done) clientConnState := clientHandle(t, gRPCClientHandshake, lisAddr) - // wait until server has populated the serverAuthInfo struct or failed. - if err := <-done; err != nil { + // wait until server sends serverConnState or fails. + serverConnState := <-done + if isEqualState(serverConnState, tls.ConnectionState{}) { return } if !isEqualState(clientConnState, serverConnState) { 
@@ -121,28 +121,28 @@ func isEqualState(state1, state2 tls.ConnectionState) bool { return false } -func launchServer(t *testing.T, serverConnState *tls.ConnectionState, hs serverHandshake, done chan error) string { +func launchServer(t *testing.T, hs serverHandshake, done chan tls.ConnectionState) string { lis, err := net.Listen("tcp", "localhost:0") if err != nil { t.Fatalf("Failed to listen: %v", err) } - go serverHandle(t, hs, serverConnState, done, lis) + go serverHandle(t, hs, done, lis) return lis.Addr().String() } -// Is run in a seperate go routine. -func serverHandle(t *testing.T, hs func(net.Conn, *tls.ConnectionState) error, serverConnState *tls.ConnectionState, done chan error, lis net.Listener) { +// Is run in a seperate goroutine. +func serverHandle(t *testing.T, hs serverHandshake, done chan tls.ConnectionState, lis net.Listener) { defer lis.Close() - var err error + var serverConnState tls.ConnectionState defer func() { - done <- err + done <- serverConnState }() serverRawConn, err := lis.Accept() if err != nil { t.Errorf("Server failed to accept connection: %v", err) return } - err = hs(serverRawConn, serverConnState) + serverConnState, err = hs(serverRawConn) if err != nil { t.Errorf("Error at server-side while handshake. Error: %v", err) return 
@@ -163,17 +163,17 @@ func clientHandle(t *testing.T, hs func(net.Conn, string) (tls.ConnectionState, } // Server handshake implementation in gRPC. -func gRPCServerHandshake(conn net.Conn, serverConnState *tls.ConnectionState) error { +func gRPCServerHandshake(conn net.Conn) (tls.ConnectionState, error) { serverTLS, err := NewServerTLSFromFile(tlsDir+"server1.pem", tlsDir+"server1.key") if err != nil { - return err + return tls.ConnectionState{}, err } _, serverAuthInfo, err := serverTLS.ServerHandshake(conn) if err != nil { - return err + return tls.ConnectionState{}, err } - *serverConnState = serverAuthInfo.(TLSInfo).State - return nil + serverConnState := serverAuthInfo.(TLSInfo).State + return serverConnState, nil } // Client handshake implementation in gRPC. @@ -186,19 +186,19 @@ func gRPCClientHandshake(conn net.Conn, lisAddr string) (tls.ConnectionState, er return authInfo.(TLSInfo).State, nil } -func tlsServerHandshake(conn net.Conn, serverConnState *tls.ConnectionState) error { +func tlsServerHandshake(conn net.Conn) (tls.ConnectionState, error) { cert, err := tls.LoadX509KeyPair(tlsDir+"server1.pem", tlsDir+"server1.key") if err != nil { - return err + return tls.ConnectionState{}, err } serverTLSConfig := &tls.Config{Certificates: []tls.Certificate{cert}} serverConn := tls.Server(conn, serverTLSConfig) err = serverConn.Handshake() if err != nil { - return err + return tls.ConnectionState{}, err } - *serverConnState = serverConn.ConnectionState() - return nil + serverConnState := serverConn.ConnectionState() + return serverConnState, nil } func tlsClientHandshake(conn net.Conn, _ string) (tls.ConnectionState, error) { From b792ae85d56303dd8f13a7f67308349012688416 Mon Sep 17 00:00:00 2001 From: Mahak Mukhi Date: Wed, 16 Nov 2016 20:03:25 -0800 Subject: [PATCH 12/20] post review updates --- credentials/credentials_test.go | 29 ++++++++++++++--------------- 1 file changed, 14 insertions(+), 15 deletions(-) 
diff --git a/credentials/credentials_test.go b/credentials/credentials_test.go index 4dc770d74e8d..eeca85a2ca28 100644 --- a/credentials/credentials_test.go +++ b/credentials/credentials_test.go @@ -74,9 +74,9 @@ func TestClientHandshakeReturnsAuthInfo(t *testing.T) { lisAddr := launchServer(t, tlsServerHandshake, done) clientConnState := clientHandle(t, gRPCClientHandshake, lisAddr) // wait until server sends serverConnState or fails. - serverConnState := <-done - if isEqualState(serverConnState, tls.ConnectionState{}) { - return + serverConnState, ok := <-done + if !ok { + t.Fatalf("Error at server-side") } if !isEqualState(clientConnState, serverConnState) { t.Fatalf("c.ClientHandshake(_, %v, _) = %v, want %v.", lisAddr, clientConnState, serverConnState) @@ -88,9 +88,9 @@ func TestServerHandshakeReturnsAuthInfo(t *testing.T) { lisAddr := launchServer(t, gRPCServerHandshake, done) clientConnState := clientHandle(t, tlsClientHandshake, lisAddr) // wait until server sends serverConnState or fails. - serverConnState := <-done - if isEqualState(serverConnState, tls.ConnectionState{}) { - return + serverConnState, ok := <-done + if !ok { + t.Fatalf("Error at server-side") } if !isEqualState(clientConnState, serverConnState) { t.Fatalf("ServerHandshake(_) = %v, want %v.", serverConnState, clientConnState) @@ -102,9 +102,9 @@ func TestServerAndClientHandshake(t *testing.T) { lisAddr := launchServer(t, gRPCServerHandshake, done) clientConnState := clientHandle(t, gRPCClientHandshake, lisAddr) // wait until server sends serverConnState or fails. - serverConnState := <-done - if isEqualState(serverConnState, tls.ConnectionState{}) { - return + serverConnState, ok := <-done + if !ok { + t.Fatalf("Error at server-side") } if !isEqualState(clientConnState, serverConnState) { t.Fatalf("Connection states returened by server: %v and client: %v aren't same", serverConnState, clientConnState) 
@@ -133,20 +133,19 @@ func launchServer(t *testing.T, hs serverHandshake, done chan tls.ConnectionStat // Is run in a seperate goroutine. func serverHandle(t *testing.T, hs serverHandshake, done chan tls.ConnectionState, lis net.Listener) { defer lis.Close() - var serverConnState tls.ConnectionState - defer func() { - done <- serverConnState - }() serverRawConn, err := lis.Accept() if err != nil { t.Errorf("Server failed to accept connection: %v", err) + close(done) return } - serverConnState, err = hs(serverRawConn) + serverConnState, err := hs(serverRawConn) if err != nil { - t.Errorf("Error at server-side while handshake. Error: %v", err) + t.Errorf("Server failed while handshake. Error: %v", err) + close(done) return } + done <- serverConnState } func clientHandle(t *testing.T, hs func(net.Conn, string) (tls.ConnectionState, error), lisAddr string) tls.ConnectionState { From 16853daad5d2a75bc71708398a05a5ef7517f8bf Mon Sep 17 00:00:00 2001 From: Mahak Mukhi Date: Thu, 5 Jan 2017 15:56:15 -0800 Subject: [PATCH 13/20] post review commit --- credentials/credentials_test.go | 69 +++++++++++++++++++-------------- 1 file changed, 39 insertions(+), 30 deletions(-) diff --git a/credentials/credentials_test.go b/credentials/credentials_test.go index eeca85a2ca28..697ed015d5eb 100644 --- a/credentials/credentials_test.go +++ b/credentials/credentials_test.go @@ -36,6 +36,7 @@ package credentials import ( "crypto/tls" "net" + "reflect" "testing" "golang.org/x/net/context" 
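Review bot: serverHandle, in the `@@ -133,20 +133,19 @@` hunk, never closes the connection it accepts: `serverRawConn` is passed to `hs` and then dropped on both the error path and the success path, so each test leaves a server-side socket open until the process exits. Adding `defer serverRawConn.Close()` directly after the Accept error check would release it, and the handshake has already returned by the time the deferred call runs. If `hs` closes the connection itself on failure, the second Close only returns an error that is ignored here, but that is worth confirming for the gRPC handshake path. The function is fully visible in this hunk.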
@@ -67,10 +68,10 @@ func TestTLSClone(t *testing.T) { const tlsDir = "../test/testdata/" -type serverHandshake func(net.Conn) (tls.ConnectionState, error) +type serverHandshake func(net.Conn) (AuthInfo, error) func TestClientHandshakeReturnsAuthInfo(t *testing.T) { - done := make(chan tls.ConnectionState, 1) + done := make(chan AuthInfo, 1) lisAddr := launchServer(t, tlsServerHandshake, done) clientConnState := clientHandle(t, gRPCClientHandshake, lisAddr) // wait until server sends serverConnState or fails. @@ -84,7 +85,7 @@ func TestClientHandshakeReturnsAuthInfo(t *testing.T) { } func TestServerHandshakeReturnsAuthInfo(t *testing.T) { - done := make(chan tls.ConnectionState, 1) + done := make(chan AuthInfo, 1) lisAddr := launchServer(t, gRPCServerHandshake, done) clientConnState := clientHandle(t, tlsClientHandshake, lisAddr) // wait until server sends serverConnState or fails. @@ -98,7 +99,7 @@ func TestServerHandshakeReturnsAuthInfo(t *testing.T) { } func TestServerAndClientHandshake(t *testing.T) { - done := make(chan tls.ConnectionState, 1) + done := make(chan AuthInfo, 1) lisAddr := launchServer(t, gRPCServerHandshake, done) clientConnState := clientHandle(t, gRPCClientHandshake, lisAddr) // wait until server sends serverConnState or fails. 
@@ -111,17 +112,27 @@ func TestServerAndClientHandshake(t *testing.T) { } } -func isEqualState(state1, state2 tls.ConnectionState) bool { - if state1.Version == state2.Version && - state1.HandshakeComplete == state2.HandshakeComplete && - state1.CipherSuite == state2.CipherSuite && - state1.NegotiatedProtocol == state2.NegotiatedProtocol { - return true +func isEqualState(s1, s2 AuthInfo) bool { + if reflect.TypeOf(s1) != reflect.TypeOf(s2) { + return false + } + switch s1.(type) { + case TLSInfo: + state1 := s1.(TLSInfo).State + state2 := s2.(TLSInfo).State + if state1.Version == state2.Version && + state1.HandshakeComplete == state2.HandshakeComplete && + state1.CipherSuite == state2.CipherSuite && + state1.NegotiatedProtocol == state2.NegotiatedProtocol { + return true + } + return false + default: + return false } - return false } -func launchServer(t *testing.T, hs serverHandshake, done chan tls.ConnectionState) string { +func launchServer(t *testing.T, hs serverHandshake, done chan AuthInfo) string { lis, err := net.Listen("tcp", "localhost:0") if err != nil { t.Fatalf("Failed to listen: %v", err) @@ -131,7 +142,7 @@ func launchServer(t *testing.T, hs serverHandshake, done chan tls.ConnectionStat } // Is run in a seperate goroutine. -func serverHandle(t *testing.T, hs serverHandshake, done chan tls.ConnectionState, lis net.Listener) { +func serverHandle(t *testing.T, hs serverHandshake, done chan AuthInfo, lis net.Listener) { defer lis.Close() serverRawConn, err := lis.Accept() if err != nil { 
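Review bot: isEqualState has no comment saying that, for TLSInfo, it compares only `Version`, `HandshakeComplete`, `CipherSuite` and `NegotiatedProtocol`, so a passing test can be read as "the whole AuthInfo matched" when peer certificates and server name are never looked at. That is presumably intentional, since the two ends of a connection hold different certificate data, but it should be written down: `// isEqualState reports whether both values are TLSInfo with the same negotiated version, cipher suite and protocol; certificate fields are not compared.` The type switch could also bind the value once with `switch v1 := s1.(type)` instead of asserting `s1.(TLSInfo)` again inside the case.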
@@ -148,7 +159,7 @@ func serverHandle(t *testing.T, hs serverHandshake, done chan tls.ConnectionStat done <- serverConnState } -func clientHandle(t *testing.T, hs func(net.Conn, string) (tls.ConnectionState, error), lisAddr string) tls.ConnectionState { +func clientHandle(t *testing.T, hs func(net.Conn, string) (AuthInfo, error), lisAddr string) AuthInfo { conn, err := net.Dial("tcp", lisAddr) if err != nil { t.Fatalf("Client failed to connect to %s. Error: %v", lisAddr, err) 
@@ -162,50 +173,48 @@ func clientHandle(t *testing.T, hs func(net.Conn, string) (tls.ConnectionState, } // Server handshake implementation in gRPC. -func gRPCServerHandshake(conn net.Conn) (tls.ConnectionState, error) { +func gRPCServerHandshake(conn net.Conn) (AuthInfo, error) { serverTLS, err := NewServerTLSFromFile(tlsDir+"server1.pem", tlsDir+"server1.key") if err != nil { - return tls.ConnectionState{}, err + return TLSInfo{}, err } _, serverAuthInfo, err := serverTLS.ServerHandshake(conn) if err != nil { - return tls.ConnectionState{}, err + return TLSInfo{}, err } - serverConnState := serverAuthInfo.(TLSInfo).State - return serverConnState, nil + return serverAuthInfo, nil } // Client handshake implementation in gRPC. -func gRPCClientHandshake(conn net.Conn, lisAddr string) (tls.ConnectionState, error) { +func gRPCClientHandshake(conn net.Conn, lisAddr string) (AuthInfo, error) { clientTLS := NewTLS(&tls.Config{InsecureSkipVerify: true}) _, authInfo, err := clientTLS.ClientHandshake(context.Background(), lisAddr, conn) if err != nil { - return tls.ConnectionState{}, err + return TLSInfo{}, err } - return authInfo.(TLSInfo).State, nil + return authInfo, nil } -func tlsServerHandshake(conn net.Conn) (tls.ConnectionState, error) { +func tlsServerHandshake(conn net.Conn) (AuthInfo, error) { cert, err := tls.LoadX509KeyPair(tlsDir+"server1.pem", tlsDir+"server1.key") if err != nil { - return tls.ConnectionState{}, err + return TLSInfo{}, err } serverTLSConfig := &tls.Config{Certificates: []tls.Certificate{cert}} serverConn := tls.Server(conn, serverTLSConfig) err = serverConn.Handshake() if err != nil { - return tls.ConnectionState{}, err + return TLSInfo{}, err } - serverConnState := serverConn.ConnectionState() - return serverConnState, nil + return TLSInfo{State: serverConn.ConnectionState()}, nil } -func tlsClientHandshake(conn net.Conn, _ string) (tls.ConnectionState, error) { +func tlsClientHandshake(conn net.Conn, _ string) (AuthInfo, error) { 
clientTLSConfig := &tls.Config{InsecureSkipVerify: true} clientConn := tls.Client(conn, clientTLSConfig) err := clientConn.Handshake() if err != nil { - return tls.ConnectionState{}, err + return TLSInfo{}, err } - return clientConn.ConnectionState(), nil + return TLSInfo{State: clientConn.ConnectionState()}, nil } From 40952fedbe458541659f6aab30562411fc71d876 Mon Sep 17 00:00:00 2001 From: Mahak Mukhi Date: Thu, 5 Jan 2017 16:09:11 -0800 Subject: [PATCH 14/20] post review commit --- credentials/credentials_test.go | 42 ++++++++++++++++----------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/credentials/credentials_test.go b/credentials/credentials_test.go index 697ed015d5eb..d7c75e79e0d7 100644 --- a/credentials/credentials_test.go +++ b/credentials/credentials_test.go 
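Review bot: Both client helpers in the `@@ -162,50 +173,48 @@` hunk, gRPCClientHandshake and tlsClientHandshake, set `InsecureSkipVerify: true`, so the tests pass without the client ever validating server1.pem and only the AuthInfo plumbing is covered. That is a defensible shortcut in a test, but it is the kind of line that gets copied into non-test code, so I would mark it at both call sites: `// InsecureSkipVerify: test only; certificate validation is deliberately not exercised here.` If the test data includes the issuing CA, loading it into `RootCAs` and setting `ServerName` would let the same tests cover verification as well (the CA file is not visible in this patch, so that needs confirming). The hunk starts at the end of clientHandle; the four handshake helpers are complete in it.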
@@ -73,53 +73,53 @@ type serverHandshake func(net.Conn) (AuthInfo, error) func TestClientHandshakeReturnsAuthInfo(t *testing.T) { done := make(chan AuthInfo, 1) lisAddr := launchServer(t, tlsServerHandshake, done) - clientConnState := clientHandle(t, gRPCClientHandshake, lisAddr) + clientAuthInfo := clientHandle(t, gRPCClientHandshake, lisAddr) // wait until server sends serverConnState or fails. - serverConnState, ok := <-done + serverAuthInfo, ok := <-done if !ok { t.Fatalf("Error at server-side") } - if !isEqualState(clientConnState, serverConnState) { - t.Fatalf("c.ClientHandshake(_, %v, _) = %v, want %v.", lisAddr, clientConnState, serverConnState) + if !isEqual(clientAuthInfo, serverAuthInfo) { + t.Fatalf("c.ClientHandshake(_, %v, _) = %v, want %v.", lisAddr, clientAuthInfo, serverAuthInfo) } } func TestServerHandshakeReturnsAuthInfo(t *testing.T) { done := make(chan AuthInfo, 1) lisAddr := launchServer(t, gRPCServerHandshake, done) - clientConnState := clientHandle(t, tlsClientHandshake, lisAddr) + clientAuthInfo := clientHandle(t, tlsClientHandshake, lisAddr) // wait until server sends serverConnState or fails. - serverConnState, ok := <-done + serverAuthInfo, ok := <-done if !ok { t.Fatalf("Error at server-side") } - if !isEqualState(clientConnState, serverConnState) { - t.Fatalf("ServerHandshake(_) = %v, want %v.", serverConnState, clientConnState) + if !isEqual(clientAuthInfo, serverAuthInfo) { + t.Fatalf("ServerHandshake(_) = %v, want %v.", serverAuthInfo, clientAuthInfo) } } func TestServerAndClientHandshake(t *testing.T) { done := make(chan AuthInfo, 1) lisAddr := launchServer(t, gRPCServerHandshake, done) - clientConnState := clientHandle(t, gRPCClientHandshake, lisAddr) + clientAuthInfo := clientHandle(t, gRPCClientHandshake, lisAddr) // wait until server sends serverConnState or fails. 
- serverConnState, ok := <-done + serverAuthInfo, ok := <-done if !ok { t.Fatalf("Error at server-side") } - if !isEqualState(clientConnState, serverConnState) { - t.Fatalf("Connection states returened by server: %v and client: %v aren't same", serverConnState, clientConnState) + if !isEqual(clientAuthInfo, serverAuthInfo) { + t.Fatalf("Connection states returened by server: %v and client: %v aren't same", serverAuthInfo, clientAuthInfo) } } -func isEqualState(s1, s2 AuthInfo) bool { - if reflect.TypeOf(s1) != reflect.TypeOf(s2) { +func isEqual(a1, a2 AuthInfo) bool { + if reflect.TypeOf(a1) != reflect.TypeOf(a2) { return false } - switch s1.(type) { + switch a1.(type) { case TLSInfo: - state1 := s1.(TLSInfo).State - state2 := s2.(TLSInfo).State + state1 := a1.(TLSInfo).State + state2 := a2.(TLSInfo).State if state1.Version == state2.Version && state1.HandshakeComplete == state2.HandshakeComplete && state1.CipherSuite == state2.CipherSuite && @@ -150,13 +150,13 @@ func serverHandle(t *testing.T, hs serverHandshake, done chan AuthInfo, lis net. close(done) return } - serverConnState, err := hs(serverRawConn) + serverAuthInfo, err := hs(serverRawConn) if err != nil { t.Errorf("Server failed while handshake. Error: %v", err) close(done) return } - done <- serverConnState + done <- serverAuthInfo } func clientHandle(t *testing.T, hs func(net.Conn, string) (AuthInfo, error), lisAddr string) AuthInfo { @@ -165,11 +165,11 @@ func clientHandle(t *testing.T, hs func(net.Conn, string) (AuthInfo, error), lis t.Fatalf("Client failed to connect to %s. Error: %v", lisAddr, err) } defer conn.Close() - clientConnState, err := hs(conn, lisAddr) + clientAuthInfo, err := hs(conn, lisAddr) if err != nil { t.Fatalf("Error on client while handshake. Error: %v", err) } - return clientConnState + return clientAuthInfo } // Server handshake implementation in gRPC. From 1db9a22fd48a3c90d591f054435416d0f8811ac2 Mon Sep 17 00:00:00 2001 
From: Mahak Mukhi Date: Thu, 5 Jan 2017 16:40:08 -0800 Subject: [PATCH 15/20] post review update --- credentials/credentials_test.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/credentials/credentials_test.go b/credentials/credentials_test.go index d7c75e79e0d7..a46b36a92820 100644 --- a/credentials/credentials_test.go +++ b/credentials/credentials_test.go @@ -79,7 +79,7 @@ func TestClientHandshakeReturnsAuthInfo(t *testing.T) { if !ok { t.Fatalf("Error at server-side") } - if !isEqual(clientAuthInfo, serverAuthInfo) { + if !compare(clientAuthInfo, serverAuthInfo) { t.Fatalf("c.ClientHandshake(_, %v, _) = %v, want %v.", lisAddr, clientAuthInfo, serverAuthInfo) } } @@ -93,7 +93,7 @@ func TestServerHandshakeReturnsAuthInfo(t *testing.T) { if !ok { t.Fatalf("Error at server-side") } - if !isEqual(clientAuthInfo, serverAuthInfo) { + if !compare(clientAuthInfo, serverAuthInfo) { t.Fatalf("ServerHandshake(_) = %v, want %v.", serverAuthInfo, clientAuthInfo) } } @@ -107,12 +107,12 @@ func TestServerAndClientHandshake(t *testing.T) { if !ok { t.Fatalf("Error at server-side") } - if !isEqual(clientAuthInfo, serverAuthInfo) { + if !compare(clientAuthInfo, serverAuthInfo) { t.Fatalf("Connection states returened by server: %v and client: %v aren't same", serverAuthInfo, clientAuthInfo) } } -func isEqual(a1, a2 AuthInfo) bool { +func compare(a1, a2 AuthInfo) bool { if reflect.TypeOf(a1) != reflect.TypeOf(a2) { return false } From 848da095eecbbc80b842ba468a0e2f3be910014b Mon Sep 17 00:00:00 2001 From: Mahak Mukhi Date: Thu, 5 Jan 2017 16:53:45 -0800 Subject: [PATCH 16/20] post review update --- credentials/credentials_test.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/credentials/credentials_test.go b/credentials/credentials_test.go index a46b36a92820..5478d9e2c25c 100644 --- a/credentials/credentials_test.go +++ b/credentials/credentials_test.go 
@@ -74,7 +74,7 @@ func TestClientHandshakeReturnsAuthInfo(t *testing.T) { done := make(chan AuthInfo, 1) lisAddr := launchServer(t, tlsServerHandshake, done) clientAuthInfo := clientHandle(t, gRPCClientHandshake, lisAddr) - // wait until server sends serverConnState or fails. + // wait until server sends serverAuthInfo or fails. serverAuthInfo, ok := <-done if !ok { t.Fatalf("Error at server-side") @@ -88,7 +88,7 @@ func TestServerHandshakeReturnsAuthInfo(t *testing.T) { done := make(chan AuthInfo, 1) lisAddr := launchServer(t, gRPCServerHandshake, done) clientAuthInfo := clientHandle(t, tlsClientHandshake, lisAddr) - // wait until server sends serverConnState or fails. + // wait until server sends serverAuthInfo or fails. serverAuthInfo, ok := <-done if !ok { t.Fatalf("Error at server-side") @@ -102,13 +102,13 @@ func TestServerAndClientHandshake(t *testing.T) { done := make(chan AuthInfo, 1) lisAddr := launchServer(t, gRPCServerHandshake, done) clientAuthInfo := clientHandle(t, gRPCClientHandshake, lisAddr) - // wait until server sends serverConnState or fails. + // wait until server sends serverAuthInfo or fails. serverAuthInfo, ok := <-done if !ok { t.Fatalf("Error at server-side") } if !compare(clientAuthInfo, serverAuthInfo) { - t.Fatalf("Connection states returened by server: %v and client: %v aren't same", serverAuthInfo, clientAuthInfo) + t.Fatalf("AuthInfo returned by server: %v and client: %v aren't same", serverAuthInfo, clientAuthInfo) } } From 49c570065eb428561a611369c66725178cf212bd Mon Sep 17 00:00:00 2001 From: Mahak Mukhi Date: Thu, 5 Jan 2017 17:26:30 -0800 Subject: [PATCH 17/20] post review update --- credentials/credentials_test.go | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/credentials/credentials_test.go b/credentials/credentials_test.go index 5478d9e2c25c..57bad75cd0c3 100644 --- a/credentials/credentials_test.go +++ b/credentials/credentials_test.go 
@@ -36,7 +36,6 @@ package credentials import ( "crypto/tls" "net" - "reflect" "testing" "golang.org/x/net/context" @@ -113,11 +112,11 @@ func TestServerAndClientHandshake(t *testing.T) { } func compare(a1, a2 AuthInfo) bool { - if reflect.TypeOf(a1) != reflect.TypeOf(a2) { + if a1.AuthType() != a2.AuthType() { return false } - switch a1.(type) { - case TLSInfo: + switch a1.AuthType() { + case "tls": state1 := a1.(TLSInfo).State state2 := a2.(TLSInfo).State if state1.Version == state2.Version && From e7832cf00a02e5fb6e9fb9b7fe94cb3899c1f40b Mon Sep 17 00:00:00 2001 From: Mahak Mukhi Date: Thu, 5 Jan 2017 17:49:57 -0800 Subject: [PATCH 18/20] post review update --- credentials/credentials_test.go | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/credentials/credentials_test.go b/credentials/credentials_test.go index 57bad75cd0c3..daf878aa368c 100644 --- a/credentials/credentials_test.go +++ b/credentials/credentials_test.go @@ -71,7 +71,9 @@ type serverHandshake func(net.Conn) (AuthInfo, error) func TestClientHandshakeReturnsAuthInfo(t *testing.T) { done := make(chan AuthInfo, 1) - lisAddr := launchServer(t, tlsServerHandshake, done) + lis := launchServer(t, tlsServerHandshake, done) + defer lis.Close() + lisAddr := lis.Addr().String() clientAuthInfo := clientHandle(t, gRPCClientHandshake, lisAddr) // wait until server sends serverAuthInfo or fails. serverAuthInfo, ok := <-done @@ -85,8 +87,9 @@ func TestClientHandshakeReturnsAuthInfo(t *testing.T) { func TestServerHandshakeReturnsAuthInfo(t *testing.T) { done := make(chan AuthInfo, 1) - lisAddr := launchServer(t, gRPCServerHandshake, done) - clientAuthInfo := clientHandle(t, tlsClientHandshake, lisAddr) + lis := launchServer(t, gRPCServerHandshake, done) + defer lis.Close() + clientAuthInfo := clientHandle(t, tlsClientHandshake, lis.Addr().String()) // wait until server sends serverAuthInfo or fails. serverAuthInfo, ok := <-done if !ok { 
@@ -99,8 +102,9 @@ func TestServerHandshakeReturnsAuthInfo(t *testing.T) { func TestServerAndClientHandshake(t *testing.T) { done := make(chan AuthInfo, 1) - lisAddr := launchServer(t, gRPCServerHandshake, done) - clientAuthInfo := clientHandle(t, gRPCClientHandshake, lisAddr) + lis := launchServer(t, gRPCServerHandshake, done) + defer lis.Close() + clientAuthInfo := clientHandle(t, gRPCClientHandshake, lis.Addr().String()) // wait until server sends serverAuthInfo or fails. serverAuthInfo, ok := <-done if !ok { @@ -131,18 +135,17 @@ func compare(a1, a2 AuthInfo) bool { } } -func launchServer(t *testing.T, hs serverHandshake, done chan AuthInfo) string { +func launchServer(t *testing.T, hs serverHandshake, done chan AuthInfo) net.Listener { lis, err := net.Listen("tcp", "localhost:0") if err != nil { t.Fatalf("Failed to listen: %v", err) } go serverHandle(t, hs, done, lis) - return lis.Addr().String() + return lis } // Is run in a seperate goroutine. func serverHandle(t *testing.T, hs serverHandshake, done chan AuthInfo, lis net.Listener) { - defer lis.Close() serverRawConn, err := lis.Accept() if err != nil { t.Errorf("Server failed to accept connection: %v", err) From ecc30a5a3bb4f029b33ddd3665b7cb28aac92deb Mon Sep 17 00:00:00 2001 From: Mahak Mukhi Date: Thu, 5 Jan 2017 18:02:03 -0800 Subject: [PATCH 19/20] post review commit --- credentials/credentials_test.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/credentials/credentials_test.go b/credentials/credentials_test.go index daf878aa368c..5fbfd541b513 100644 --- a/credentials/credentials_test.go +++ b/credentials/credentials_test.go 
@@ -178,11 +178,11 @@ func clientHandle(t *testing.T, hs func(net.Conn, string) (AuthInfo, error), lis func gRPCServerHandshake(conn net.Conn) (AuthInfo, error) { serverTLS, err := NewServerTLSFromFile(tlsDir+"server1.pem", tlsDir+"server1.key") if err != nil { - return TLSInfo{}, err + return nil, err } _, serverAuthInfo, err := serverTLS.ServerHandshake(conn) if err != nil { - return TLSInfo{}, err + return nil, err } return serverAuthInfo, nil } @@ -192,7 +192,7 @@ func gRPCClientHandshake(conn net.Conn, lisAddr string) (AuthInfo, error) { clientTLS := NewTLS(&tls.Config{InsecureSkipVerify: true}) _, authInfo, err := clientTLS.ClientHandshake(context.Background(), lisAddr, conn) if err != nil { - return TLSInfo{}, err + return nil, err } return authInfo, nil } @@ -200,13 +200,13 @@ func gRPCClientHandshake(conn net.Conn, lisAddr string) (AuthInfo, error) { func tlsServerHandshake(conn net.Conn) (AuthInfo, error) { cert, err := tls.LoadX509KeyPair(tlsDir+"server1.pem", tlsDir+"server1.key") if err != nil { - return TLSInfo{}, err + return nil, err } serverTLSConfig := &tls.Config{Certificates: []tls.Certificate{cert}} serverConn := tls.Server(conn, serverTLSConfig) err = serverConn.Handshake() if err != nil { - return TLSInfo{}, err + return nil, err } return TLSInfo{State: serverConn.ConnectionState()}, nil } @@ -216,7 +216,7 @@ func tlsClientHandshake(conn net.Conn, _ string) (AuthInfo, error) { clientConn := tls.Client(conn, clientTLSConfig) err := clientConn.Handshake() if err != nil { - return TLSInfo{}, err + return nil, err } return TLSInfo{State: clientConn.ConnectionState()}, nil } From 74f10a51273fbe2ce6210cb1943b1b373668b171 Mon Sep 17 00:00:00 2001 From: Mahak Mukhi Date: Mon, 9 Jan 2017 11:36:22 -0800 Subject: [PATCH 20/20] post review update --- credentials/credentials_test.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/credentials/credentials_test.go b/credentials/credentials_test.go index 5fbfd541b513..a5db3867c8f3 100644 
--- a/credentials/credentials_test.go
+++ b/credentials/credentials_test.go
@@ -214,8 +214,7 @@ func tlsServerHandshake(conn net.Conn) (AuthInfo, error) {
 func tlsClientHandshake(conn net.Conn, _ string) (AuthInfo, error) {
 clientTLSConfig := &tls.Config{InsecureSkipVerify: true}
 clientConn := tls.Client(conn, clientTLSConfig)
- err := clientConn.Handshake()
- if err != nil {
+ if err := clientConn.Handshake(); err != nil {
 return nil, err
 }
 return TLSInfo{State: clientConn.ConnectionState()}, nil