diff --git a/xds/src/main/java/io/grpc/xds/internal/security/SecurityProtocolNegotiators.java b/xds/src/main/java/io/grpc/xds/internal/security/SecurityProtocolNegotiators.java
index 21a39a1449..00659e53de 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/SecurityProtocolNegotiators.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/SecurityProtocolNegotiators.java
@@ -44,7 +44,7 @@ import java.util.logging.Logger;
 import javax.annotation.Nullable;
 
 /**
- * Provides client and server side gRPC {@link ProtocolNegotiator}s that use SDS to provide the SSL
+ * Provides client and server side gRPC {@link ProtocolNegotiator}s to provide the SSL
  * context.
  */
 @VisibleForTesting
@@ -61,7 +61,7 @@ public final class SecurityProtocolNegotiators {
 
   public static final Attributes.Key ATTR_SERVER_SSL_CONTEXT_PROVIDER_SUPPLIER =
-      Attributes.Key.create("io.grpc.xds.internal.sds.server.sslContextProviderSupplier");
+      Attributes.Key.create("io.grpc.xds.internal.security.server.sslContextProviderSupplier");
 
   /**
    * Returns a {@link InternalProtocolNegotiator.ClientFactory}.
@@ -88,7 +88,7 @@ public final class SecurityProtocolNegotiators {
 
     @Override
     public ProtocolNegotiator newNegotiator(ObjectPool offloadExecutorPool) {
-      return new ServerSdsProtocolNegotiator(
+      return new ServerSecurityProtocolNegotiator(
           fallbackProtocolNegotiator.newNegotiator(offloadExecutorPool));
     }
   }
@@ -103,7 +103,7 @@ public final class SecurityProtocolNegotiators {
 
     @Override
     public ProtocolNegotiator newNegotiator() {
-      return new ClientSdsProtocolNegotiator(fallbackProtocolNegotiator.newNegotiator());
+      return new ClientSecurityProtocolNegotiator(fallbackProtocolNegotiator.newNegotiator());
     }
 
     @Override
@@ -113,11 +113,11 @@ public final class SecurityProtocolNegotiators {
   }
 
   @VisibleForTesting
-  static final class ClientSdsProtocolNegotiator implements ProtocolNegotiator {
+  static final class ClientSecurityProtocolNegotiator implements ProtocolNegotiator {
 
     @Nullable private final ProtocolNegotiator fallbackProtocolNegotiator;
 
-    ClientSdsProtocolNegotiator(@Nullable ProtocolNegotiator fallbackProtocolNegotiator) {
+    ClientSecurityProtocolNegotiator(@Nullable ProtocolNegotiator fallbackProtocolNegotiator) {
       this.fallbackProtocolNegotiator = fallbackProtocolNegotiator;
     }
 
@@ -137,7 +137,7 @@ public final class SecurityProtocolNegotiators {
             fallbackProtocolNegotiator, "No TLS config and no fallbackProtocolNegotiator!");
         return fallbackProtocolNegotiator.newHandler(grpcHandler);
       }
-      return new ClientSdsHandler(grpcHandler, localSslContextProviderSupplier);
+      return new ClientSecurityHandler(grpcHandler, localSslContextProviderSupplier);
     }
 
     @Override
@@ -176,12 +176,12 @@ public final class SecurityProtocolNegotiators {
   }
 
   @VisibleForTesting
-  static final class ClientSdsHandler
+  static final class ClientSecurityHandler
       extends InternalProtocolNegotiators.ProtocolNegotiationHandler {
     private final GrpcHttp2ConnectionHandler grpcHandler;
     private final SslContextProviderSupplier sslContextProviderSupplier;
 
-    ClientSdsHandler(
+    ClientSecurityHandler(
         GrpcHttp2ConnectionHandler grpcHandler,
         SslContextProviderSupplier sslContextProviderSupplier) {
       super(
@@ -214,7 +214,7 @@ public final class SecurityProtocolNegotiators {
       }
       logger.log(
           Level.FINEST,
-          "ClientSdsHandler.updateSslContext authority={0}, ctx.name={1}",
+          "ClientSecurityHandler.updateSslContext authority={0}, ctx.name={1}",
           new Object[]{grpcHandler.getAuthority(), ctx.name()});
       ChannelHandler handler =
           InternalProtocolNegotiators.tls(sslContext).newHandler(grpcHandler);
@@ -241,13 +241,14 @@ public final class SecurityProtocolNegotiators {
     }
   }
 
-  private static final class ServerSdsProtocolNegotiator implements ProtocolNegotiator {
+  private static final class ServerSecurityProtocolNegotiator implements ProtocolNegotiator {
 
     @Nullable private final ProtocolNegotiator fallbackProtocolNegotiator;
 
     /** Constructor. */
     @VisibleForTesting
-    public ServerSdsProtocolNegotiator(@Nullable ProtocolNegotiator fallbackProtocolNegotiator) {
+    public ServerSecurityProtocolNegotiator(
+        @Nullable ProtocolNegotiator fallbackProtocolNegotiator) {
       this.fallbackProtocolNegotiator = fallbackProtocolNegotiator;
     }
 
@@ -306,7 +307,7 @@ public final class SecurityProtocolNegotiators {
             .replace(
                 this,
                 null,
-                new ServerSdsHandler(
+                new ServerSecurityHandler(
                     grpcHandler, sslContextProviderSupplier));
         ctx.fireUserEventTriggered(pne);
         return;
@@ -318,12 +319,12 @@ public final class SecurityProtocolNegotiators {
   }
 
   @VisibleForTesting
-  static final class ServerSdsHandler
+  static final class ServerSecurityHandler
       extends InternalProtocolNegotiators.ProtocolNegotiationHandler {
     private final GrpcHttp2ConnectionHandler grpcHandler;
     private final SslContextProviderSupplier sslContextProviderSupplier;
 
-    ServerSdsHandler(
+    ServerSecurityHandler(
         GrpcHttp2ConnectionHandler grpcHandler,
         SslContextProviderSupplier sslContextProviderSupplier) {
       super(
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/trust/XdsTrustManagerFactory.java b/xds/src/main/java/io/grpc/xds/internal/security/trust/XdsTrustManagerFactory.java
index 26d6bcd81b..c9d83902ec 100644
--- a/xds/src/main/java/io/grpc/xds/internal/security/trust/XdsTrustManagerFactory.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/trust/XdsTrustManagerFactory.java
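Review bot: The `public` modifier on the re-wrapped `ServerSecurityProtocolNegotiator` constructor in the first hunk has no effect, because the enclosing class is declared `private static final` a few lines above it, so the `@VisibleForTesting` annotation on that constructor promises access that the class itself denies. Either drop both and write `ServerSecurityProtocolNegotiator(@Nullable ProtocolNegotiator fallbackProtocolNegotiator) {`, or, if tests are meant to construct it directly, make the class package-private like its `ClientSecurityProtocolNegotiator` sibling. The class body continues past the end of the hunk.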
@@ -73,7 +73,7 @@ public final class XdsTrustManagerFactory extends SimpleTrustManagerFactory {
           certificateValidationContext == null || !certificateValidationContext.hasTrustedCa(),
           "only static certificateValidationContext expected");
     }
-    xdsX509TrustManager = createSdsX509TrustManager(certs, certificateValidationContext);
+    xdsX509TrustManager = createX509TrustManager(certs, certificateValidationContext);
   }
 
   private static X509Certificate[] getTrustedCaFromCertContext(
@@ -98,7 +98,7 @@ public final class XdsTrustManagerFactory extends SimpleTrustManagerFactory {
   }
 
   @VisibleForTesting
-  static XdsX509TrustManager createSdsX509TrustManager(
+  static XdsX509TrustManager createX509TrustManager(
       X509Certificate[] certs, CertificateValidationContext certContext) throws CertStoreException {
     TrustManagerFactory tmf = null;
     try {
@@ -115,7 +115,7 @@ public final class XdsTrustManagerFactory extends SimpleTrustManagerFactory {
       }
       tmf.init(ks);
     } catch (NoSuchAlgorithmException | KeyStoreException | IOException | CertificateException e) {
-      logger.log(Level.SEVERE, "createSdsX509TrustManager", e);
+      logger.log(Level.SEVERE, "createX509TrustManager", e);
       throw new CertStoreException(e);
     }
     TrustManager[] tms = tmf.getTrustManagers();
diff --git a/xds/src/test/java/io/grpc/xds/XdsSdsClientServerTest.java b/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java
similarity index 99%
rename from xds/src/test/java/io/grpc/xds/XdsSdsClientServerTest.java
rename to xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java
index 3ef23c1137..073eb1f8a2 100644
--- a/xds/src/test/java/io/grpc/xds/XdsSdsClientServerTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java
@@ -88,7 +88,7 @@ import org.junit.runners.JUnit4;
  * modes.
  */
 @RunWith(JUnit4.class)
-public class XdsSdsClientServerTest {
+public class XdsSecurityClientServerTest {
   @Rule public final GrpcCleanupRule cleanupRule = new GrpcCleanupRule();
 
   private int port;
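Review bot: The renamed log line in the third hunk of XdsTrustManagerFactory.java records the failure at SEVERE and then immediately rethrows it as `CertStoreException(e)`, so the same trust-store initialization error is likely to be reported twice (once here, once by whoever catches the wrapped exception), and the message itself carries nothing beyond the method name. Either drop the log call and let the wrapped cause carry the detail, or make the message say what failed, e.g. `logger.log(Level.SEVERE, "Failed to initialize TrustManagerFactory from certificate validation context", e);`. The enclosing `createX509TrustManager` starts in the previous hunk and ends after this one.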
@@ -356,7 +356,7 @@ public class XdsSdsClientServerTest {
     xdsClient.deliverLdsUpdate(listenerUpdate);
     startFuture.get(10, TimeUnit.SECONDS);
     port = xdsServer.getPort();
-    URI expectedUri = new URI("sdstest://localhost:" + port);
+    URI expectedUri = new URI("sectest://localhost:" + port);
     fakeNameResolverFactory = new FakeNameResolverFactory.Builder(expectedUri).build();
     NameResolverRegistry.getDefaultRegistry().register(fakeNameResolverFactory);
   }
@@ -400,7 +400,7 @@ public class XdsSdsClientServerTest {
       throws URISyntaxException {
     ManagedChannelBuilder channelBuilder =
         Grpc.newChannelBuilder(
-            "sdstest://localhost:" + port,
+            "sectest://localhost:" + port,
             XdsChannelCredentials.create(InsecureChannelCredentials.create()));
 
     if (overrideAuthority != null) {
@@ -486,7 +486,7 @@ public class XdsSdsClientServerTest {
 
     @Override
     public String getDefaultScheme() {
-      return "sdstest";
+      return "sectest";
     }
 
     @Override
diff --git a/xds/src/test/java/io/grpc/xds/XdsServerBuilderTest.java b/xds/src/test/java/io/grpc/xds/XdsServerBuilderTest.java
index 32cb3eb418..d28c7d7c60 100644
--- a/xds/src/test/java/io/grpc/xds/XdsServerBuilderTest.java
+++ b/xds/src/test/java/io/grpc/xds/XdsServerBuilderTest.java
@@ -54,7 +54,7 @@ import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 import org.mockito.ArgumentCaptor;
 
-// TODO (zivy@): move certain tests down to XdsServerWrapperTest, or up to XdsSdsClientServerTest.
+// TODO (zivy@): move certain tests down to XdsServerWrapperTest or to XdsSecurityClientServerTest
 /**
  * Unit tests for {@link XdsServerBuilder}.
  */
diff --git a/xds/src/test/java/io/grpc/xds/internal/security/SecurityProtocolNegotiatorsTest.java b/xds/src/test/java/io/grpc/xds/internal/security/SecurityProtocolNegotiatorsTest.java
index 46a8e6b83a..8a4123d54a 100644
--- a/xds/src/test/java/io/grpc/xds/internal/security/SecurityProtocolNegotiatorsTest.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/SecurityProtocolNegotiatorsTest.java
@@ -51,8 +51,8 @@ import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext;
 import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
 import io.grpc.xds.InternalXdsAttributes;
 import io.grpc.xds.TlsContextManager;
-import io.grpc.xds.internal.security.SecurityProtocolNegotiators.ClientSdsHandler;
-import io.grpc.xds.internal.security.SecurityProtocolNegotiators.ClientSdsProtocolNegotiator;
+import io.grpc.xds.internal.security.SecurityProtocolNegotiators.ClientSecurityHandler;
+import io.grpc.xds.internal.security.SecurityProtocolNegotiators.ClientSecurityProtocolNegotiator;
 import io.grpc.xds.internal.security.certprovider.CommonCertProviderTestUtils;
 import io.netty.channel.ChannelHandler;
 import io.netty.channel.ChannelHandlerContext;
@@ -95,20 +95,21 @@ public class SecurityProtocolNegotiatorsTest {
   private ChannelHandlerContext channelHandlerCtx;
 
   @Test
-  public void clientSdsProtocolNegotiatorNewHandler_noTlsContextAttribute() {
+  public void clientSecurityProtocolNegotiatorNewHandler_noTlsContextAttribute() {
     ChannelHandler mockChannelHandler = mock(ChannelHandler.class);
     ProtocolNegotiator mockProtocolNegotiator = mock(ProtocolNegotiator.class);
     when(mockProtocolNegotiator.newHandler(grpcHandler)).thenReturn(mockChannelHandler);
-    ClientSdsProtocolNegotiator pn = new ClientSdsProtocolNegotiator(mockProtocolNegotiator);
+    ClientSecurityProtocolNegotiator pn
+        = new ClientSecurityProtocolNegotiator(mockProtocolNegotiator);
     ChannelHandler newHandler = pn.newHandler(grpcHandler);
     assertThat(newHandler).isNotNull();
     assertThat(newHandler).isSameInstanceAs(mockChannelHandler);
   }
 
   @Test
-  public void clientSdsProtocolNegotiatorNewHandler_noFallback_expectException() {
-    ClientSdsProtocolNegotiator pn =
-        new ClientSdsProtocolNegotiator(/* fallbackProtocolNegotiator= */ null);
+  public void clientSecurityProtocolNegotiatorNewHandler_noFallback_expectException() {
+    ClientSecurityProtocolNegotiator pn =
+        new ClientSecurityProtocolNegotiator(/* fallbackProtocolNegotiator= */ null);
     try {
       pn.newHandler(grpcHandler);
       fail("exception expected!");
@@ -120,11 +121,11 @@ public class SecurityProtocolNegotiatorsTest {
   }
 
   @Test
-  public void clientSdsProtocolNegotiatorNewHandler_withTlsContextAttribute() {
+  public void clientSecurityProtocolNegotiatorNewHandler_withTlsContextAttribute() {
     UpstreamTlsContext upstreamTlsContext =
         CommonTlsContextTestsUtil.buildUpstreamTlsContext(CommonTlsContext.newBuilder().build());
-    ClientSdsProtocolNegotiator pn =
-        new ClientSdsProtocolNegotiator(InternalProtocolNegotiators.plaintext());
+    ClientSecurityProtocolNegotiator pn =
+        new ClientSecurityProtocolNegotiator(InternalProtocolNegotiators.plaintext());
     GrpcHttp2ConnectionHandler mockHandler = mock(GrpcHttp2ConnectionHandler.class);
     ChannelLogger logger = mock(ChannelLogger.class);
     doNothing().when(logger).log(any(ChannelLogLevel.class), anyString());
@@ -138,11 +139,11 @@ public class SecurityProtocolNegotiatorsTest {
             .build());
     ChannelHandler newHandler = pn.newHandler(mockHandler);
     assertThat(newHandler).isNotNull();
-    assertThat(newHandler).isInstanceOf(ClientSdsHandler.class);
+    assertThat(newHandler).isInstanceOf(ClientSecurityHandler.class);
   }
 
   @Test
-  public void clientSdsHandler_addLast()
+  public void clientSecurityHandler_addLast()
       throws InterruptedException, TimeoutException, ExecutionException {
     FakeClock executor = new FakeClock();
     CommonCertProviderTestUtils.register(executor);
@@ -156,11 +157,11 @@ public class SecurityProtocolNegotiatorsTest {
     SslContextProviderSupplier sslContextProviderSupplier =
         new SslContextProviderSupplier(upstreamTlsContext,
             new TlsContextManagerImpl(bootstrapInfoForClient));
-    SecurityProtocolNegotiators.ClientSdsHandler clientSdsHandler =
-        new SecurityProtocolNegotiators.ClientSdsHandler(grpcHandler, sslContextProviderSupplier);
-    pipeline.addLast(clientSdsHandler);
-    channelHandlerCtx = pipeline.context(clientSdsHandler);
-    assertNotNull(channelHandlerCtx); // clientSdsHandler ctx is non-null since we just added it
+    ClientSecurityHandler clientSecurityHandler =
+        new ClientSecurityHandler(grpcHandler, sslContextProviderSupplier);
+    pipeline.addLast(clientSecurityHandler);
+    channelHandlerCtx = pipeline.context(clientSecurityHandler);
+    assertNotNull(channelHandlerCtx);
 
     // kick off protocol negotiation.
     pipeline.fireUserEventTriggered(InternalProtocolNegotiationEvent.getDefault());
@@ -182,7 +183,7 @@ public class SecurityProtocolNegotiatorsTest {
     Object fromFuture = future.get(2, TimeUnit.SECONDS);
     assertThat(fromFuture).isInstanceOf(SslContext.class);
     channel.runPendingTasks();
-    channelHandlerCtx = pipeline.context(clientSdsHandler);
+    channelHandlerCtx = pipeline.context(clientSecurityHandler);
     assertThat(channelHandlerCtx).isNull();
 
     // pipeline should have SslHandler and ClientTlsHandler
@@ -195,7 +196,7 @@ public class SecurityProtocolNegotiatorsTest {
   }
 
   @Test
-  public void serverSdsHandler_addLast()
+  public void serverSecurityHandler_addLast()
       throws InterruptedException, TimeoutException, ExecutionException {
     FakeClock executor = new FakeClock();
     CommonCertProviderTestUtils.register(executor);
@@ -228,7 +229,7 @@ public class SecurityProtocolNegotiatorsTest {
     channelHandlerCtx = pipeline.context(handlerPickerHandler);
     assertThat(channelHandlerCtx).isNotNull(); // should find HandlerPickerHandler
 
-    // kick off protocol negotiation: should replace HandlerPickerHandler with ServerSdsHandler
+    // kick off protocol negotiation: should replace HandlerPickerHandler with ServerSecurityHandler
     ProtocolNegotiationEvent event = InternalProtocolNegotiationEvent.getDefault();
     Attributes attr = InternalProtocolNegotiationEvent.getAttributes(event)
         .toBuilder().set(ATTR_SERVER_SSL_CONTEXT_PROVIDER_SUPPLIER,
@@ -236,7 +237,7 @@ public class SecurityProtocolNegotiatorsTest {
     pipeline.fireUserEventTriggered(InternalProtocolNegotiationEvent.withAttributes(event, attr));
     channelHandlerCtx = pipeline.context(handlerPickerHandler);
     assertThat(channelHandlerCtx).isNull();
-    channelHandlerCtx = pipeline.context(SecurityProtocolNegotiators.ServerSdsHandler.class);
+    channelHandlerCtx = pipeline.context(SecurityProtocolNegotiators.ServerSecurityHandler.class);
     assertThat(channelHandlerCtx).isNotNull();
 
     SslContextProviderSupplier sslContextProviderSupplier =
@@ -259,7 +260,7 @@ public class SecurityProtocolNegotiatorsTest {
     Object fromFuture = future.get(2, TimeUnit.SECONDS);
     assertThat(fromFuture).isInstanceOf(SslContext.class);
     channel.runPendingTasks();
-    channelHandlerCtx = pipeline.context(SecurityProtocolNegotiators.ServerSdsHandler.class);
+    channelHandlerCtx = pipeline.context(SecurityProtocolNegotiators.ServerSecurityHandler.class);
     assertThat(channelHandlerCtx).isNull();
 
     // pipeline should only have SslHandler and ServerTlsHandler
@@ -272,7 +273,7 @@ public class SecurityProtocolNegotiatorsTest {
   }
 
   @Test
-  public void serverSdsHandler_defaultDownstreamTlsContext_expectFallbackProtocolNegotiator()
+  public void serverSecurityHandler_defaultDownstreamTlsContext_expectFallbackProtocolNegotiator()
       throws IOException {
     ChannelHandler mockChannelHandler = mock(ChannelHandler.class);
     ProtocolNegotiator mockProtocolNegotiator = mock(ProtocolNegotiator.class);
@@ -294,7 +295,7 @@ public class SecurityProtocolNegotiatorsTest {
     channelHandlerCtx = pipeline.context(handlerPickerHandler);
     assertThat(channelHandlerCtx).isNotNull(); // should find HandlerPickerHandler
 
-    // kick off protocol negotiation: should replace HandlerPickerHandler with ServerSdsHandler
+    // kick off protocol negotiation: should replace HandlerPickerHandler with ServerSecurityHandler
     ProtocolNegotiationEvent event = InternalProtocolNegotiationEvent.getDefault();
     Attributes attr = InternalProtocolNegotiationEvent.getAttributes(event)
         .toBuilder().set(ATTR_SERVER_SSL_CONTEXT_PROVIDER_SUPPLIER, null).build();
@@ -309,7 +310,7 @@ public class SecurityProtocolNegotiatorsTest {
   }
 
   @Test
-  public void serverSdsHandler_nullTlsContext_expectFallbackProtocolNegotiator() {
+  public void serverSecurityHandler_nullTlsContext_expectFallbackProtocolNegotiator() {
     ChannelHandler mockChannelHandler = mock(ChannelHandler.class);
     ProtocolNegotiator mockProtocolNegotiator = mock(ProtocolNegotiator.class);
     when(mockProtocolNegotiator.newHandler(grpcHandler)).thenReturn(mockChannelHandler);
@@ -354,7 +355,7 @@ public class SecurityProtocolNegotiatorsTest {
   }
 
   @Test
-  public void clientSdsProtocolNegotiatorNewHandler_fireProtocolNegotiationEvent()
+  public void clientSecurityProtocolNegotiatorNewHandler_fireProtocolNegotiationEvent()
       throws InterruptedException, TimeoutException, ExecutionException {
     FakeClock executor = new FakeClock();
     CommonCertProviderTestUtils.register(executor);
@@ -368,11 +369,11 @@ public class SecurityProtocolNegotiatorsTest {
     SslContextProviderSupplier sslContextProviderSupplier =
         new SslContextProviderSupplier(upstreamTlsContext,
             new TlsContextManagerImpl(bootstrapInfoForClient));
-    SecurityProtocolNegotiators.ClientSdsHandler clientSdsHandler =
-        new SecurityProtocolNegotiators.ClientSdsHandler(grpcHandler, sslContextProviderSupplier);
+    ClientSecurityHandler clientSecurityHandler =
+        new ClientSecurityHandler(grpcHandler, sslContextProviderSupplier);
 
-    pipeline.addLast(clientSdsHandler);
-    channelHandlerCtx = pipeline.context(clientSdsHandler);
+    pipeline.addLast(clientSecurityHandler);
+    channelHandlerCtx = pipeline.context(clientSecurityHandler);
     assertNotNull(channelHandlerCtx); // non-null since we just added it
 
     // kick off protocol negotiation.
@@ -395,7 +396,7 @@ public class SecurityProtocolNegotiatorsTest {
     Object fromFuture = future.get(5, TimeUnit.SECONDS);
     assertThat(fromFuture).isInstanceOf(SslContext.class);
     channel.runPendingTasks();
-    channelHandlerCtx = pipeline.context(clientSdsHandler);
+    channelHandlerCtx = pipeline.context(clientSecurityHandler);
     assertThat(channelHandlerCtx).isNull();
 
     Object sslEvent = SslHandshakeCompletionEvent.SUCCESS;
@@ -406,7 +407,7 @@ public class SecurityProtocolNegotiatorsTest {
   }
 
   @Test
-  public void clientSdsProtocolNegotiatorNewHandler_handleHandlerRemoved() {
+  public void clientSecurityProtocolNegotiatorNewHandler_handleHandlerRemoved() {
     FakeClock executor = new FakeClock();
     CommonCertProviderTestUtils.register(executor);
     Bootstrapper.BootstrapInfo bootstrapInfoForClient = CommonBootstrapperTestUtils
@@ -419,17 +420,17 @@ public class SecurityProtocolNegotiatorsTest {
     SslContextProviderSupplier sslContextProviderSupplier =
         new SslContextProviderSupplier(upstreamTlsContext,
             new TlsContextManagerImpl(bootstrapInfoForClient));
-    SecurityProtocolNegotiators.ClientSdsHandler clientSdsHandler =
-        new SecurityProtocolNegotiators.ClientSdsHandler(grpcHandler, sslContextProviderSupplier);
+    ClientSecurityHandler clientSecurityHandler =
+        new ClientSecurityHandler(grpcHandler, sslContextProviderSupplier);
 
-    pipeline.addLast(clientSdsHandler);
-    channelHandlerCtx = pipeline.context(clientSdsHandler);
+    pipeline.addLast(clientSecurityHandler);
+    channelHandlerCtx = pipeline.context(clientSecurityHandler);
 
     // kick off protocol negotiation.
     pipeline.fireUserEventTriggered(InternalProtocolNegotiationEvent.getDefault());
     executor.runDueTasks();
-    pipeline.remove(clientSdsHandler);
+    pipeline.remove(clientSecurityHandler);
     channel.runPendingTasks();
     channel.checkException();
     CommonCertProviderTestUtils.register0();
diff --git a/xds/src/test/java/io/grpc/xds/internal/security/trust/XdsX509TrustManagerTest.java b/xds/src/test/java/io/grpc/xds/internal/security/trust/XdsX509TrustManagerTest.java
index 5194cc5795..08512396a4 100644
--- a/xds/src/test/java/io/grpc/xds/internal/security/trust/XdsX509TrustManagerTest.java
+++ b/xds/src/test/java/io/grpc/xds/internal/security/trust/XdsX509TrustManagerTest.java
@@ -629,7 +629,7 @@ public class XdsX509TrustManagerTest {
       throws CertificateException, IOException, CertStoreException {
     X509Certificate[] caCerts =
         CertificateUtils.toX509Certificates(TlsTesting.loadCert(CA_PEM_FILE));
-    trustManager = XdsTrustManagerFactory.createSdsX509TrustManager(caCerts,
+    trustManager = XdsTrustManagerFactory.createX509TrustManager(caCerts,
         null);
     when(mockSession.getProtocol()).thenReturn("TLSv1.2");
     when(mockSession.getPeerHost()).thenReturn("peer-host-from-mock");