def test_ServerTLS(self):
# TestServerTLS starts a server with TLS(not mutual) and makes sure only the
# appropriate clients can connect to it. Since the server uses a self-signed
# certificate, a default client should not be able to call methods, as the
# certificate can not be validated.
server, serverAddress = setupGRPCServerWithTLS(certPem,
keyPem,
mutual=False)
# default client with self-signed server cert; should fail
with self.assertRaises(grpc.RpcError) as context:
client = Client(serverAddress, insecure=False)
response = client.Version()
self.assertEqual(context.exception.details(),
"failed to connect to all addresses")
# client provides incorrect server certificate; should fail
with self.assertRaises(grpc.RpcError) as context:
client = Client(serverAddress,
insecure=False,
serverCertificate=fakeCertPem)
response = client.Version()
self.assertEqual(context.exception.details(),
"failed to connect to all addresses")
# client tries to connect with insecure channel; should fail
with self.assertRaises(grpc.RpcError) as context:
client = Client(serverAddress,
insecure=True,
serverCertificate=certPem)
response = client.Version()
self.assertEqual(context.exception.details(),
"failed to connect to all addresses")
# client provides correct server certificate; should succeed
client = Client(serverAddress,
insecure=False,
serverCertificate=certPem)
response = client.Version()
self.assertEqual(response, expectedResponses['Version'])
server.stop(0)
def test_MutualTLS(self):
# TestMutualTLS starts a server with mutual TLS enabled and makes
# sure only the appropriate clients can connect to it.
server, serverAddress = setupGRPCServerWithTLS(certPem,
keyPem,
mutual=True)
# mutual tls with correct cert but wrong CA; should fail (client can not validate the server)
with self.assertRaises(grpc.RpcError) as context:
client = Client(serverAddress,
insecure=False,
serverCertificate=fakeCertPem,
clientCertificate=certPem,
clientKey=keyPem)
response = client.Version()
self.assertEqual(context.exception.details(),
"failed to connect to all addresses")
# mutual tls with wrong cert but correct CA; should fail (server can not validate the client)
with self.assertRaises(grpc.RpcError) as context:
client = Client(serverAddress,
insecure=False,
serverCertificate=certPem,
clientCertificate=fakeCertPem,
clientKey=fakeKeyPem)
response = client.Version()
self.assertEqual(context.exception.details(),
"failed to connect to all addresses")
# mutual tls with correct cert and CA but no key provided; should fail (client raises exception)
with self.assertRaises(ValueError):
client = Client(serverAddress,
insecure=False,
serverCertificate=certPem,
clientCertificate=certPem)
response = client.Version()
# client tries to connect with insecure channel; should fail
with self.assertRaises(grpc.RpcError) as context:
client = Client(serverAddress,
insecure=True,
serverCertificate=certPem,
clientCertificate=certPem,
clientKey=keyPem)
response = client.Version()
self.assertEqual(context.exception.details(),
"failed to connect to all addresses")
# client presented a bad client cert/key; should fail
with self.assertRaises(grpc.RpcError) as context:
client = Client(serverAddress,
insecure=False,
serverCertificate=certPem,
clientCertificate=certPem[:3],
clientKey=keyPem)
response = client.Version()
self.assertEqual(context.exception.details(), "Empty update")
# client provides appropriate certificates; should succeed
client = Client(serverAddress,
insecure=False,
serverCertificate=certPem,
clientCertificate=certPem,
clientKey=keyPem)
response = client.Version()
self.assertEqual(response, expectedResponses['Version'])
server.stop(0)
def test_Version(self):
client = Client(self.serverAddress, insecure=True)
response = client.Version()
self.assertEqual(response, expectedResponses['Version'])
