veyron/runtimes/google/ipc: Add unittest and fix my mistake that it would
have caught.

Change-Id: I2542d5c12cdda47334a017555a83f0fdf55d6ac3
diff --git a/runtimes/google/ipc/client.go b/runtimes/google/ipc/client.go
index d4a1963..fc22457 100644
--- a/runtimes/google/ipc/client.go
+++ b/runtimes/google/ipc/client.go
@@ -668,8 +668,8 @@
 	for _, o := range opts {
 		switch v := o.(type) {
 		case options.ServerPublicKey:
-			if remoteKey := flow.RemoteBlessings().PublicKey(); !reflect.DeepEqual(remoteKey, v) {
-				verror.New(errAuthServerKeyNotAllowed, ctx, remoteKey, v)
+			if remoteKey, key := flow.RemoteBlessings().PublicKey(), v.PublicKey; !reflect.DeepEqual(remoteKey, key) {
+				return nil, nil, verror.New(errAuthServerKeyNotAllowed, ctx, remoteKey, key)
 			}
 		case options.AllowedServersPolicy:
 			allowed := false
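Review bot: In the `options.ServerPublicKey` case, `reflect.DeepEqual(remoteKey, key)` returns true when both values are nil. If `flow.RemoteBlessings().PublicKey()` can return nil for a server that presented no blessings (not visible in this hunk), an option built with an unset key would pass the pinning check instead of failing closed. Rejecting a missing key explicitly, e.g. `if key == nil || !reflect.DeepEqual(remoteKey, key) {`, removes that case. Separately, DeepEqual compares the in-memory structure of the two key values, so two representations of the same key would be rejected; that fails safe but is brittle, and comparing a canonical encoding would be steadier if the key type offers one. The enclosing function starts and ends outside the hunk, so whether `flow` is released on this new early return should be checked there.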
diff --git a/runtimes/google/ipc/full_test.go b/runtimes/google/ipc/full_test.go
index f64dea2..abd422b 100644
--- a/runtimes/google/ipc/full_test.go
+++ b/runtimes/google/ipc/full_test.go
@@ -1746,6 +1746,59 @@
 	ParamType: vdl.TypeOf(int64(0)),
 }
 
+func TestServerPublicKeyOpt(t *testing.T) {
+	var (
+		pserver = tsecurity.NewPrincipal("server")
+		pother  = tsecurity.NewPrincipal("other")
+		pclient = tsecurity.NewPrincipal("client")
+	)
+
+	ns := tnaming.NewSimpleNamespace()
+	ctx := testContext()
+	mountName := "mountpoint/default"
+	runServer := func() stream.Manager {
+		rid, err := naming.NewRoutingID()
+		if err != nil {
+			t.Fatal(err)
+		}
+		sm := imanager.InternalNew(rid)
+		server, err := testInternalNewServer(ctx, sm, ns, vc.LocalPrincipal{pserver})
+		if err != nil {
+			t.Fatal(err)
+		}
+		if _, err := server.Listen(listenSpec); err != nil {
+			t.Fatal(err)
+		}
+		if err := server.Serve(mountName, &testServer{}, acceptAllAuthorizer{}); err != nil {
+			t.Fatal(err)
+		}
+		return sm
+	}
+
+	// Start a server with pserver.
+	defer runServer().Shutdown()
+
+	smc := imanager.InternalNew(naming.FixedRoutingID(0xc))
+	client, err := InternalNewClient(
+		smc,
+		ns,
+		vc.LocalPrincipal{pclient})
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer smc.Shutdown()
+	defer client.Close()
+
+	// The call should succeed when the server presents the same public as the opt...
+	if _, err = client.StartCall(testContext(), mountName, "Closure", nil, options.ServerPublicKey{pserver.PublicKey()}); err != nil {
+		t.Errorf("Expected call to succeed but got %v", err)
+	}
+	// ...but fail if they differ.
+	if _, err = client.StartCall(testContext(), mountName, "Closure", nil, options.ServerPublicKey{pother.PublicKey()}); !verror.Is(err, verror.NotTrusted.ID) {
+		t.Errorf("got %v, want %v", verror.ErrorID(err), verror.NotTrusted.ID)
+	}
+}
+
 func TestMain(m *testing.M) {
 	testutil.Init()
 	security.RegisterCaveatValidator(fakeTimeCaveat, func(_ security.Context, t int64) error {
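Review bot: The mismatch case at the end of `TestServerPublicKeyOpt` asserts only `verror.Is(err, verror.NotTrusted.ID)`, so it would also pass if the call were refused for an unrelated trust failure. It does not prove that the pinned-key comparison in client.go was the check that rejected the call. Inspecting the error for the key-mismatch condition, or adding a control call with the same client and no `ServerPublicKey` option that must succeed, would tie the failure to the option. A third case passing the zero-value `options.ServerPublicKey{}` and expecting rejection would pin down how an unset key is treated. The successful `StartCall` also discards the returned call; finishing it (for example `call.Finish()`) before the second call would avoid leaving a stream open until the deferred `client.Close()`.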