validate sslContext in Netty channel/server builder #1699 (#1724)

validate sslContext in Netty channel/server builder #1699 resolves #1699
2016-04-27 13:02:43 -07:00 · 2016-04-27 13:02:43 -07:00 · 804991e80d
parent 6b5177d3e3
commit 804991e80d
4 changed files with 93 additions and 0 deletions
--- a/netty/src/main/java/io/grpc/netty/NettyChannelBuilder.java
+++ b/netty/src/main/java/io/grpc/netty/NettyChannelBuilder.java
@ -170,6 +170,8 @@ public class NettyChannelBuilder extends AbstractManagedChannelImplBuilder<Netty
   * GrpcSslContexts}, but options could have been overridden.
   */
  public final NettyChannelBuilder sslContext(SslContext sslContext) {
+    checkArgument(sslContext == null || sslContext.isClient(),
+        "Server SSL context can not be used for client channel");
    this.sslContext = sslContext;
    return this;
  }
--- a/netty/src/main/java/io/grpc/netty/NettyServerBuilder.java
+++ b/netty/src/main/java/io/grpc/netty/NettyServerBuilder.java
@ -177,6 +177,8 @@ public final class NettyServerBuilder extends AbstractServerImplBuilder<NettySer
   * have been configured with {@link GrpcSslContexts}, but options could have been overridden.
   */
  public NettyServerBuilder sslContext(SslContext sslContext) {
+    checkArgument(sslContext == null || sslContext.isServer(),
+        "Client SSL context can not be used for server");
    this.sslContext = sslContext;
    return this;
  }
--- a/netty/src/test/java/io/grpc/netty/NettyChannelBuilderTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyChannelBuilderTest.java
@ -34,6 +34,8 @@ package io.grpc.netty;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;

+import static org.mockito.Mockito.mock;
+
 import io.grpc.internal.ClientTransportFactory;
 import io.grpc.netty.ProtocolNegotiators.TlsNegotiator;
 import io.netty.handler.ssl.SslContext;
@ -89,6 +91,23 @@ public class NettyChannelBuilderTest {
    NettyChannelBuilder.forAddress(new InetSocketAddress("invalid_authority", 1234));
  }

+  @Test
+  public void sslContextCanBeNull() {
+    NettyChannelBuilder builder = new NettyChannelBuilder(new SocketAddress(){});
+    builder.sslContext(null);
+  }
+
+  @Test
+  public void failIfSslContextIsNotClient() {
+    thrown.expect(IllegalArgumentException.class);
+    thrown.expectMessage("Server SSL context can not be used for client channel");
+
+    SslContext sslContext = mock(SslContext.class);
+
+    NettyChannelBuilder builder = new NettyChannelBuilder(new SocketAddress(){});
+    builder.sslContext(sslContext);
+  }
+
  @Test
  public void createProtocolNegotiator_plaintext() {
    ProtocolNegotiator negotiator = NettyChannelBuilder.createProtocolNegotiator(
--- a/netty/src/test/java/io/grpc/netty/NettyServerBuilderTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyServerBuilderTest.java
@ -0,0 +1,70 @@
+/*
+ * Copyright 2016, Google Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ *    * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *    * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ *
+ *    * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+package io.grpc.netty;
+
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import io.netty.handler.ssl.SslContext;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+
+/**
+ * Unit tests for {@link NettyServerBuilder}.
+ */
+@RunWith(JUnit4.class)
+public class NettyServerBuilderTest {
+
+  @Rule public final ExpectedException thrown = ExpectedException.none();
+
+  @Test
+  public void sslContextCanBeNull() {
+    NettyServerBuilder builder = NettyServerBuilder.forPort(8080);
+    builder.sslContext(null);
+  }
+
+  @Test
+  public void failIfSslContextIsNotServer() {
+    thrown.expect(IllegalArgumentException.class);
+    thrown.expectMessage("Client SSL context can not be used for server");
+
+    SslContext sslContext = mock(SslContext.class);
+    when(sslContext.isClient()).thenReturn(true);
+
+    NettyServerBuilder builder = NettyServerBuilder.forPort(8080);;
+    builder.sslContext(sslContext);
+  }
+}