def test_ServerTLS(self): # TestServerTLS starts a server with TLS(not mutual) and makes sure only the # appropriate clients can connect to it. Since the server uses a self-signed # certificate, a default client should not be able to call methods, as the # certificate can not be validated. server, serverAddress = setupGRPCServerWithTLS(certPem, keyPem, mutual=False) # default client with self-signed server cert; should fail with self.assertRaises(grpc.RpcError) as context: client = Client(serverAddress, insecure=False) response = client.Version() self.assertEqual(context.exception.details(), "failed to connect to all addresses") # client provides incorrect server certificate; should fail with self.assertRaises(grpc.RpcError) as context: client = Client(serverAddress, insecure=False, serverCertificate=fakeCertPem) response = client.Version() self.assertEqual(context.exception.details(), "failed to connect to all addresses") # client tries to connect with insecure channel; should fail with self.assertRaises(grpc.RpcError) as context: client = Client(serverAddress, insecure=True, serverCertificate=certPem) response = client.Version() self.assertEqual(context.exception.details(), "failed to connect to all addresses") # client provides correct server certificate; should succeed client = Client(serverAddress, insecure=False, serverCertificate=certPem) response = client.Version() self.assertEqual(response, expectedResponses['Version']) server.stop(0)
def test_MutualTLS(self): # TestMutualTLS starts a server with mutual TLS enabled and makes # sure only the appropriate clients can connect to it. server, serverAddress = setupGRPCServerWithTLS(certPem, keyPem, mutual=True) # mutual tls with correct cert but wrong CA; should fail (client can not validate the server) with self.assertRaises(grpc.RpcError) as context: client = Client(serverAddress, insecure=False, serverCertificate=fakeCertPem, clientCertificate=certPem, clientKey=keyPem) response = client.Version() self.assertEqual(context.exception.details(), "failed to connect to all addresses") # mutual tls with wrong cert but correct CA; should fail (server can not validate the client) with self.assertRaises(grpc.RpcError) as context: client = Client(serverAddress, insecure=False, serverCertificate=certPem, clientCertificate=fakeCertPem, clientKey=fakeKeyPem) response = client.Version() self.assertEqual(context.exception.details(), "failed to connect to all addresses") # mutual tls with correct cert and CA but no key provided; should fail (client raises exception) with self.assertRaises(ValueError): client = Client(serverAddress, insecure=False, serverCertificate=certPem, clientCertificate=certPem) response = client.Version() # client tries to connect with insecure channel; should fail with self.assertRaises(grpc.RpcError) as context: client = Client(serverAddress, insecure=True, serverCertificate=certPem, clientCertificate=certPem, clientKey=keyPem) response = client.Version() self.assertEqual(context.exception.details(), "failed to connect to all addresses") # client presented a bad client cert/key; should fail with self.assertRaises(grpc.RpcError) as context: client = Client(serverAddress, insecure=False, serverCertificate=certPem, clientCertificate=certPem[:3], clientKey=keyPem) response = client.Version() self.assertEqual(context.exception.details(), "Empty update") # client provides appropriate certificates; should succeed client = Client(serverAddress, insecure=False, serverCertificate=certPem, clientCertificate=certPem, clientKey=keyPem) response = client.Version() self.assertEqual(response, expectedResponses['Version']) server.stop(0)
def test_Version(self): client = Client(self.serverAddress, insecure=True) response = client.Version() self.assertEqual(response, expectedResponses['Version'])