diff --git a/src/core/security/security_connector.h b/src/core/security/security_connector.h
index b9f31b607497f9a3b96a3f172caedc37e7c144c0..b5f3ff17f49b8c2ebc7118891b2723480f714c4f 100644
--- a/src/core/security/security_connector.h
+++ b/src/core/security/security_connector.h
@@ -239,7 +239,7 @@ const tsi_peer_property *tsi_peer_get_property_by_name(const tsi_peer *peer,
/* Exposed for testing only. */
grpc_auth_context *tsi_ssl_peer_to_auth_context(const tsi_peer *peer);
-tsi_peer tsi_shallow_peer_from_auth_context(
+tsi_peer tsi_shallow_peer_from_ssl_auth_context(
const grpc_auth_context *auth_context);
void tsi_shallow_peer_destruct(tsi_peer *peer);
diff --git a/test/core/security/security_connector_test.c b/test/core/security/security_connector_test.c
index 2f417f891e728744668b22f5b0c312fc4bdc98a9..0dcffa40ce413b7a69125a355bb4276e02e20583 100644
--- a/test/core/security/security_connector_test.c
+++ b/test/core/security/security_connector_test.c
@@ -60,8 +60,39 @@ static int check_transport_security_type(const grpc_auth_context *ctx) {
return 1;
}
+static int check_peer_property(const tsi_peer *peer,
+ const tsi_peer_property *expected) {
+ size_t i;
+ for (i = 0; i < peer->property_count; i++) {
+ const tsi_peer_property *prop = &peer->properties[i];
+ if ((strcmp(prop->name, expected->name) == 0) &&
+ (prop->value.length == expected->value.length) &&
+ (memcmp(prop->value.data, expected->value.data,
+ expected->value.length) == 0)) {
+ return 1;
+ }
+ }
+ return 0; /* Not found... */
+}
+
+static int check_ssl_peer_equivalence(const tsi_peer *original,
+ const tsi_peer *reconstructed) {
+ /* The reconstructed peer only has CN and SAN properties. */
+ size_t i;
+ for (i = 0; i < original->property_count; i++) {
+ const tsi_peer_property *prop = &original->properties[i];
+ if ((strcmp(prop->name, TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY) == 0) ||
+ (strcmp(prop->name, TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY) ==
+ 0)) {
+ if (!check_peer_property(reconstructed, prop)) return 0;
+ }
+ }
+ return 1;
+}
+
static void test_unauthenticated_ssl_peer(void) {
tsi_peer peer;
+ tsi_peer rpeer;
grpc_auth_context *ctx;
GPR_ASSERT(tsi_construct_peer(1, &peer) == TSI_OK);
GPR_ASSERT(tsi_construct_string_peer_property_from_cstring(
@@ -72,6 +103,10 @@ static void test_unauthenticated_ssl_peer(void) {
GPR_ASSERT(!grpc_auth_context_peer_is_authenticated(ctx));
GPR_ASSERT(check_transport_security_type(ctx));
+ rpeer = tsi_shallow_peer_from_ssl_auth_context(ctx);
+ GPR_ASSERT(check_ssl_peer_equivalence(&peer, &rpeer));
+
+ tsi_shallow_peer_destruct(&rpeer);
tsi_peer_destruct(&peer);
GRPC_AUTH_CONTEXT_UNREF(ctx, "test");
}
@@ -128,6 +163,7 @@ static int check_x509_cn(const grpc_auth_context *ctx,
static void test_cn_only_ssl_peer_to_auth_context(void) {
tsi_peer peer;
+ tsi_peer rpeer;
grpc_auth_context *ctx;
const char *expected_cn = "cn1";
GPR_ASSERT(tsi_construct_peer(2, &peer) == TSI_OK);
@@ -144,12 +180,17 @@ static void test_cn_only_ssl_peer_to_auth_context(void) {
GPR_ASSERT(check_transport_security_type(ctx));
GPR_ASSERT(check_x509_cn(ctx, expected_cn));
+ rpeer = tsi_shallow_peer_from_ssl_auth_context(ctx);
+ GPR_ASSERT(check_ssl_peer_equivalence(&peer, &rpeer));
+
+ tsi_shallow_peer_destruct(&rpeer);
tsi_peer_destruct(&peer);
GRPC_AUTH_CONTEXT_UNREF(ctx, "test");
}
static void test_cn_and_one_san_ssl_peer_to_auth_context(void) {
tsi_peer peer;
+ tsi_peer rpeer;
grpc_auth_context *ctx;
const char *expected_cn = "cn1";
const char *expected_san = "san1";
@@ -171,12 +212,17 @@ static void test_cn_and_one_san_ssl_peer_to_auth_context(void) {
GPR_ASSERT(check_transport_security_type(ctx));
GPR_ASSERT(check_x509_cn(ctx, expected_cn));
+ rpeer = tsi_shallow_peer_from_ssl_auth_context(ctx);
+ GPR_ASSERT(check_ssl_peer_equivalence(&peer, &rpeer));
+
+ tsi_shallow_peer_destruct(&rpeer);
tsi_peer_destruct(&peer);
GRPC_AUTH_CONTEXT_UNREF(ctx, "test");
}
static void test_cn_and_multiple_sans_ssl_peer_to_auth_context(void) {
tsi_peer peer;
+ tsi_peer rpeer;
grpc_auth_context *ctx;
const char *expected_cn = "cn1";
const char *expected_sans[] = {"san1", "san2", "san3"};
@@ -202,6 +248,10 @@ static void test_cn_and_multiple_sans_ssl_peer_to_auth_context(void) {
GPR_ASSERT(check_transport_security_type(ctx));
GPR_ASSERT(check_x509_cn(ctx, expected_cn));
+ rpeer = tsi_shallow_peer_from_ssl_auth_context(ctx);
+ GPR_ASSERT(check_ssl_peer_equivalence(&peer, &rpeer));
+
+ tsi_shallow_peer_destruct(&rpeer);
tsi_peer_destruct(&peer);
GRPC_AUTH_CONTEXT_UNREF(ctx, "test");
}
@@ -209,6 +259,7 @@ static void test_cn_and_multiple_sans_ssl_peer_to_auth_context(void) {
static void test_cn_and_multiple_sans_and_others_ssl_peer_to_auth_context(
void) {
tsi_peer peer;
+ tsi_peer rpeer;
grpc_auth_context *ctx;
const char *expected_cn = "cn1";
const char *expected_sans[] = {"san1", "san2", "san3"};
@@ -238,6 +289,10 @@ static void test_cn_and_multiple_sans_and_others_ssl_peer_to_auth_context(
GPR_ASSERT(check_transport_security_type(ctx));
GPR_ASSERT(check_x509_cn(ctx, expected_cn));
+ rpeer = tsi_shallow_peer_from_ssl_auth_context(ctx);
+ GPR_ASSERT(check_ssl_peer_equivalence(&peer, &rpeer));
+
+ tsi_shallow_peer_destruct(&rpeer);
tsi_peer_destruct(&peer);
GRPC_AUTH_CONTEXT_UNREF(ctx, "test");
}