|  | @@ -0,0 +1,529 @@
 | 
	
		
			
				|  |  | +//
 | 
	
		
			
				|  |  | +//
 | 
	
		
			
				|  |  | +// Copyright 2020 gRPC authors.
 | 
	
		
			
				|  |  | +//
 | 
	
		
			
				|  |  | +// Licensed under the Apache License, Version 2.0 (the "License");
 | 
	
		
			
				|  |  | +// you may not use this file except in compliance with the License.
 | 
	
		
			
				|  |  | +// You may obtain a copy of the License at
 | 
	
		
			
				|  |  | +//
 | 
	
		
			
				|  |  | +//     http://www.apache.org/licenses/LICENSE-2.0
 | 
	
		
			
				|  |  | +//
 | 
	
		
			
				|  |  | +// Unless required by applicable law or agreed to in writing, software
 | 
	
		
			
				|  |  | +// distributed under the License is distributed on an "AS IS" BASIS,
 | 
	
		
			
				|  |  | +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 | 
	
		
			
				|  |  | +// See the License for the specific language governing permissions and
 | 
	
		
			
				|  |  | +// limitations under the License.
 | 
	
		
			
				|  |  | +//
 | 
	
		
			
				|  |  | +//
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +#include <gmock/gmock.h>
 | 
	
		
			
				|  |  | +#include <gtest/gtest.h>
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +#include "src/core/ext/xds/xds_certificate_provider.h"
 | 
	
		
			
				|  |  | +#include "test/core/util/test_config.h"
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +namespace grpc_core {
 | 
	
		
			
				|  |  | +namespace testing {
 | 
	
		
			
				|  |  | +namespace {
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +constexpr const char* kRootCert1 = "root_cert_1_contents";
 | 
	
		
			
				|  |  | +constexpr const char* kRootCert2 = "root_cert_2_contents";
 | 
	
		
			
				|  |  | +constexpr const char* kIdentityCert1PrivateKey = "identity_private_key_1";
 | 
	
		
			
				|  |  | +constexpr const char* kIdentityCert1 = "identity_cert_1_contents";
 | 
	
		
			
				|  |  | +constexpr const char* kIdentityCert2PrivateKey = "identity_private_key_2";
 | 
	
		
			
				|  |  | +constexpr const char* kIdentityCert2 = "identity_cert_2_contents";
 | 
	
		
			
				|  |  | +constexpr const char* kRootErrorMessage = "root_error_message";
 | 
	
		
			
				|  |  | +constexpr const char* kIdentityErrorMessage = "identity_error_message";
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +PemKeyCertPairList MakeKeyCertPairs(const char* private_key,
 | 
	
		
			
				|  |  | +                                    const char* certs) {
 | 
	
		
			
				|  |  | +  if (strcmp(private_key, "") == 0 && strcmp(certs, "") == 0) {
 | 
	
		
			
				|  |  | +    return {};
 | 
	
		
			
				|  |  | +  }
 | 
	
		
			
				|  |  | +  grpc_ssl_pem_key_cert_pair* ssl_pair =
 | 
	
		
			
				|  |  | +      static_cast<grpc_ssl_pem_key_cert_pair*>(
 | 
	
		
			
				|  |  | +          gpr_malloc(sizeof(grpc_ssl_pem_key_cert_pair)));
 | 
	
		
			
				|  |  | +  ssl_pair->private_key = gpr_strdup(private_key);
 | 
	
		
			
				|  |  | +  ssl_pair->cert_chain = gpr_strdup(certs);
 | 
	
		
			
				|  |  | +  return PemKeyCertPairList{PemKeyCertPair(ssl_pair)};
 | 
	
		
			
				|  |  | +}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +PemKeyCertPairList MakeKeyCertPairsType1() {
 | 
	
		
			
				|  |  | +  return MakeKeyCertPairs(kIdentityCert1PrivateKey, kIdentityCert1);
 | 
	
		
			
				|  |  | +}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +PemKeyCertPairList MakeKeyCertPairsType2() {
 | 
	
		
			
				|  |  | +  return MakeKeyCertPairs(kIdentityCert2PrivateKey, kIdentityCert2);
 | 
	
		
			
				|  |  | +}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +class TestCertificatesWatcher
 | 
	
		
			
				|  |  | +    : public grpc_tls_certificate_distributor::TlsCertificatesWatcherInterface {
 | 
	
		
			
				|  |  | + public:
 | 
	
		
			
				|  |  | +  ~TestCertificatesWatcher() override {
 | 
	
		
			
				|  |  | +    GRPC_ERROR_UNREF(root_cert_error_);
 | 
	
		
			
				|  |  | +    GRPC_ERROR_UNREF(identity_cert_error_);
 | 
	
		
			
				|  |  | +  }
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +  void OnCertificatesChanged(
 | 
	
		
			
				|  |  | +      absl::optional<absl::string_view> root_certs,
 | 
	
		
			
				|  |  | +      absl::optional<PemKeyCertPairList> key_cert_pairs) override {
 | 
	
		
			
				|  |  | +    if (root_certs.has_value()) {
 | 
	
		
			
				|  |  | +      if (!root_certs_.has_value() ||
 | 
	
		
			
				|  |  | +          (root_certs_.has_value() &&
 | 
	
		
			
				|  |  | +           std::string(root_certs.value()) != root_certs_.value())) {
 | 
	
		
			
				|  |  | +        GRPC_ERROR_UNREF(root_cert_error_);
 | 
	
		
			
				|  |  | +        root_cert_error_ = GRPC_ERROR_NONE;
 | 
	
		
			
				|  |  | +      }
 | 
	
		
			
				|  |  | +      root_certs_.emplace(std::string(root_certs.value()));
 | 
	
		
			
				|  |  | +    }
 | 
	
		
			
				|  |  | +    if (key_cert_pairs.has_value()) {
 | 
	
		
			
				|  |  | +      if (key_cert_pairs != key_cert_pairs_) {
 | 
	
		
			
				|  |  | +        GRPC_ERROR_UNREF(identity_cert_error_);
 | 
	
		
			
				|  |  | +        identity_cert_error_ = GRPC_ERROR_NONE;
 | 
	
		
			
				|  |  | +        key_cert_pairs_ = key_cert_pairs;
 | 
	
		
			
				|  |  | +      }
 | 
	
		
			
				|  |  | +    }
 | 
	
		
			
				|  |  | +  }
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +  void OnError(grpc_error* root_cert_error,
 | 
	
		
			
				|  |  | +               grpc_error* identity_cert_error) override {
 | 
	
		
			
				|  |  | +    GRPC_ERROR_UNREF(root_cert_error_);
 | 
	
		
			
				|  |  | +    root_cert_error_ = root_cert_error;
 | 
	
		
			
				|  |  | +    GRPC_ERROR_UNREF(identity_cert_error_);
 | 
	
		
			
				|  |  | +    identity_cert_error_ = identity_cert_error;
 | 
	
		
			
				|  |  | +  }
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +  const absl::optional<std::string>& root_certs() const { return root_certs_; }
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +  const absl::optional<PemKeyCertPairList>& key_cert_pairs() const {
 | 
	
		
			
				|  |  | +    return key_cert_pairs_;
 | 
	
		
			
				|  |  | +  }
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +  grpc_error* root_cert_error() const { return root_cert_error_; }
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +  grpc_error* identity_cert_error() const { return identity_cert_error_; }
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | + private:
 | 
	
		
			
				|  |  | +  absl::optional<std::string> root_certs_;
 | 
	
		
			
				|  |  | +  absl::optional<PemKeyCertPairList> key_cert_pairs_;
 | 
	
		
			
				|  |  | +  grpc_error* root_cert_error_ = GRPC_ERROR_NONE;
 | 
	
		
			
				|  |  | +  grpc_error* identity_cert_error_ = GRPC_ERROR_NONE;
 | 
	
		
			
				|  |  | +};
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +TEST(
 | 
	
		
			
				|  |  | +    XdsCertificateProviderTest,
 | 
	
		
			
				|  |  | +    RootCertDistributorDifferentFromIdentityCertDistributorDifferentCertNames) {
 | 
	
		
			
				|  |  | +  auto root_cert_distributor =
 | 
	
		
			
				|  |  | +      MakeRefCounted<grpc_tls_certificate_distributor>();
 | 
	
		
			
				|  |  | +  auto identity_cert_distributor =
 | 
	
		
			
				|  |  | +      MakeRefCounted<grpc_tls_certificate_distributor>();
 | 
	
		
			
				|  |  | +  XdsCertificateProvider provider("root", root_cert_distributor, "identity",
 | 
	
		
			
				|  |  | +                                  identity_cert_distributor);
 | 
	
		
			
				|  |  | +  auto* watcher = new TestCertificatesWatcher;
 | 
	
		
			
				|  |  | +  provider.distributor()->WatchTlsCertificates(
 | 
	
		
			
				|  |  | +      std::unique_ptr<TestCertificatesWatcher>(watcher), "", "");
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_certs(), absl::nullopt);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->key_cert_pairs(), absl::nullopt);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->identity_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  // Update both root certs and identity certs
 | 
	
		
			
				|  |  | +  root_cert_distributor->SetKeyMaterials("root", kRootCert1, absl::nullopt);
 | 
	
		
			
				|  |  | +  identity_cert_distributor->SetKeyMaterials("identity", absl::nullopt,
 | 
	
		
			
				|  |  | +                                             MakeKeyCertPairsType1());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_certs(), kRootCert1);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType1());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->identity_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  // Second update for just root certs
 | 
	
		
			
				|  |  | +  root_cert_distributor->SetKeyMaterials(
 | 
	
		
			
				|  |  | +      "root", kRootCert2,
 | 
	
		
			
				|  |  | +      MakeKeyCertPairsType2() /* does not have an effect */);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_certs(), kRootCert2);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType1());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->identity_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  // Second update for identity certs
 | 
	
		
			
				|  |  | +  identity_cert_distributor->SetKeyMaterials(
 | 
	
		
			
				|  |  | +      "identity", kRootCert1 /* does not have an effect */,
 | 
	
		
			
				|  |  | +      MakeKeyCertPairsType2());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_certs(), kRootCert2);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType2());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->identity_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  // Set error for both root and identity
 | 
	
		
			
				|  |  | +  root_cert_distributor->SetErrorForCert(
 | 
	
		
			
				|  |  | +      "root", GRPC_ERROR_CREATE_FROM_STATIC_STRING(kRootErrorMessage),
 | 
	
		
			
				|  |  | +      absl::nullopt);
 | 
	
		
			
				|  |  | +  identity_cert_distributor->SetErrorForCert(
 | 
	
		
			
				|  |  | +      "identity", absl::nullopt,
 | 
	
		
			
				|  |  | +      GRPC_ERROR_CREATE_FROM_STATIC_STRING(kIdentityErrorMessage));
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_certs(), kRootCert2);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType2());
 | 
	
		
			
				|  |  | +  EXPECT_THAT(grpc_error_string(watcher->root_cert_error()),
 | 
	
		
			
				|  |  | +              ::testing::HasSubstr(kRootErrorMessage));
 | 
	
		
			
				|  |  | +  EXPECT_THAT(grpc_error_string(watcher->identity_cert_error()),
 | 
	
		
			
				|  |  | +              ::testing::HasSubstr(kIdentityErrorMessage));
 | 
	
		
			
				|  |  | +  // Send an update for root certs. Test that the root cert error is reset.
 | 
	
		
			
				|  |  | +  root_cert_distributor->SetKeyMaterials("root", kRootCert1, absl::nullopt);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_certs(), kRootCert1);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType2());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  EXPECT_THAT(grpc_error_string(watcher->identity_cert_error()),
 | 
	
		
			
				|  |  | +              ::testing::HasSubstr(kIdentityErrorMessage));
 | 
	
		
			
				|  |  | +  // Send an update for identity certs. Test that the identity cert error is
 | 
	
		
			
				|  |  | +  // reset.
 | 
	
		
			
				|  |  | +  identity_cert_distributor->SetKeyMaterials("identity", absl::nullopt,
 | 
	
		
			
				|  |  | +                                             MakeKeyCertPairsType1());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_certs(), kRootCert1);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType1());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->identity_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +TEST(XdsCertificateProviderTest,
 | 
	
		
			
				|  |  | +     RootCertDistributorDifferentFromIdentityCertDistributorSameCertNames) {
 | 
	
		
			
				|  |  | +  auto root_cert_distributor =
 | 
	
		
			
				|  |  | +      MakeRefCounted<grpc_tls_certificate_distributor>();
 | 
	
		
			
				|  |  | +  auto identity_cert_distributor =
 | 
	
		
			
				|  |  | +      MakeRefCounted<grpc_tls_certificate_distributor>();
 | 
	
		
			
				|  |  | +  XdsCertificateProvider provider("test", root_cert_distributor, "test",
 | 
	
		
			
				|  |  | +                                  identity_cert_distributor);
 | 
	
		
			
				|  |  | +  auto* watcher = new TestCertificatesWatcher;
 | 
	
		
			
				|  |  | +  provider.distributor()->WatchTlsCertificates(
 | 
	
		
			
				|  |  | +      std::unique_ptr<TestCertificatesWatcher>(watcher), "", "");
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_certs(), absl::nullopt);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->key_cert_pairs(), absl::nullopt);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->identity_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  // Update both root certs and identity certs
 | 
	
		
			
				|  |  | +  root_cert_distributor->SetKeyMaterials("test", kRootCert1, absl::nullopt);
 | 
	
		
			
				|  |  | +  identity_cert_distributor->SetKeyMaterials("test", absl::nullopt,
 | 
	
		
			
				|  |  | +                                             MakeKeyCertPairsType1());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_certs(), kRootCert1);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType1());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->identity_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  // Second update for just root certs
 | 
	
		
			
				|  |  | +  root_cert_distributor->SetKeyMaterials("test", kRootCert2, absl::nullopt);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_certs(), kRootCert2);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType1());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->identity_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  // Second update for identity certs
 | 
	
		
			
				|  |  | +  identity_cert_distributor->SetKeyMaterials("test", absl::nullopt,
 | 
	
		
			
				|  |  | +                                             MakeKeyCertPairsType2());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_certs(), kRootCert2);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType2());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->identity_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  // Set error for both root and identity
 | 
	
		
			
				|  |  | +  root_cert_distributor->SetErrorForCert(
 | 
	
		
			
				|  |  | +      "test", GRPC_ERROR_CREATE_FROM_STATIC_STRING(kRootErrorMessage),
 | 
	
		
			
				|  |  | +      absl::nullopt);
 | 
	
		
			
				|  |  | +  identity_cert_distributor->SetErrorForCert(
 | 
	
		
			
				|  |  | +      "test", absl::nullopt,
 | 
	
		
			
				|  |  | +      GRPC_ERROR_CREATE_FROM_STATIC_STRING(kIdentityErrorMessage));
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_certs(), kRootCert2);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType2());
 | 
	
		
			
				|  |  | +  EXPECT_THAT(grpc_error_string(watcher->root_cert_error()),
 | 
	
		
			
				|  |  | +              ::testing::HasSubstr(kRootErrorMessage));
 | 
	
		
			
				|  |  | +  EXPECT_THAT(grpc_error_string(watcher->identity_cert_error()),
 | 
	
		
			
				|  |  | +              ::testing::HasSubstr(kIdentityErrorMessage));
 | 
	
		
			
				|  |  | +  // Send an update for root certs. Test that the root cert error is reset.
 | 
	
		
			
				|  |  | +  root_cert_distributor->SetKeyMaterials("test", kRootCert1, absl::nullopt);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_certs(), kRootCert1);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType2());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  EXPECT_THAT(grpc_error_string(watcher->identity_cert_error()),
 | 
	
		
			
				|  |  | +              ::testing::HasSubstr(kIdentityErrorMessage));
 | 
	
		
			
				|  |  | +  // Send an update for identity certs. Test that the identity cert error is
 | 
	
		
			
				|  |  | +  // reset.
 | 
	
		
			
				|  |  | +  identity_cert_distributor->SetKeyMaterials("test", absl::nullopt,
 | 
	
		
			
				|  |  | +                                             MakeKeyCertPairsType1());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_certs(), kRootCert1);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType1());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->identity_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  // Test update on unwatched cert name
 | 
	
		
			
				|  |  | +  identity_cert_distributor->SetKeyMaterials("identity", kRootCert2,
 | 
	
		
			
				|  |  | +                                             MakeKeyCertPairsType2());
 | 
	
		
			
				|  |  | +  root_cert_distributor->SetKeyMaterials("root", kRootCert1,
 | 
	
		
			
				|  |  | +                                         MakeKeyCertPairsType1());
 | 
	
		
			
				|  |  | +}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +TEST(XdsCertificateProviderTest,
 | 
	
		
			
				|  |  | +     RootCertDistributorSameAsIdentityCertDistributorDifferentCertNames) {
 | 
	
		
			
				|  |  | +  auto distributor = MakeRefCounted<grpc_tls_certificate_distributor>();
 | 
	
		
			
				|  |  | +  XdsCertificateProvider provider("root", distributor, "identity", distributor);
 | 
	
		
			
				|  |  | +  auto* watcher = new TestCertificatesWatcher;
 | 
	
		
			
				|  |  | +  provider.distributor()->WatchTlsCertificates(
 | 
	
		
			
				|  |  | +      std::unique_ptr<TestCertificatesWatcher>(watcher), "", "");
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_certs(), absl::nullopt);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->key_cert_pairs(), absl::nullopt);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->identity_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  // Update both root certs and identity certs
 | 
	
		
			
				|  |  | +  distributor->SetKeyMaterials("root", kRootCert1, MakeKeyCertPairsType2());
 | 
	
		
			
				|  |  | +  distributor->SetKeyMaterials("identity", kRootCert2, MakeKeyCertPairsType1());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_certs(), kRootCert1);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType1());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->identity_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  // Second update for just root certs
 | 
	
		
			
				|  |  | +  distributor->SetKeyMaterials("root", kRootCert2, MakeKeyCertPairsType2());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_certs(), kRootCert2);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType1());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->identity_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  // Second update for identity certs
 | 
	
		
			
				|  |  | +  distributor->SetKeyMaterials("identity", kRootCert1, MakeKeyCertPairsType2());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_certs(), kRootCert2);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType2());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->identity_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  // Set error for root
 | 
	
		
			
				|  |  | +  distributor->SetErrorForCert(
 | 
	
		
			
				|  |  | +      "root", GRPC_ERROR_CREATE_FROM_STATIC_STRING(kRootErrorMessage),
 | 
	
		
			
				|  |  | +      GRPC_ERROR_CREATE_FROM_STATIC_STRING(kRootErrorMessage));
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_certs(), kRootCert2);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType2());
 | 
	
		
			
				|  |  | +  EXPECT_THAT(grpc_error_string(watcher->root_cert_error()),
 | 
	
		
			
				|  |  | +              ::testing::HasSubstr(kRootErrorMessage));
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->identity_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  distributor->SetErrorForCert(
 | 
	
		
			
				|  |  | +      "identity", GRPC_ERROR_CREATE_FROM_STATIC_STRING(kIdentityErrorMessage),
 | 
	
		
			
				|  |  | +      GRPC_ERROR_CREATE_FROM_STATIC_STRING(kIdentityErrorMessage));
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_certs(), kRootCert2);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType2());
 | 
	
		
			
				|  |  | +  EXPECT_THAT(grpc_error_string(watcher->root_cert_error()),
 | 
	
		
			
				|  |  | +              ::testing::HasSubstr(kRootErrorMessage));
 | 
	
		
			
				|  |  | +  EXPECT_THAT(grpc_error_string(watcher->identity_cert_error()),
 | 
	
		
			
				|  |  | +              ::testing::HasSubstr(kIdentityErrorMessage));
 | 
	
		
			
				|  |  | +  // Send an update for root
 | 
	
		
			
				|  |  | +  distributor->SetKeyMaterials("root", kRootCert1, MakeKeyCertPairsType1());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_certs(), kRootCert1);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType2());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  EXPECT_THAT(grpc_error_string(watcher->identity_cert_error()),
 | 
	
		
			
				|  |  | +              ::testing::HasSubstr(kIdentityErrorMessage));
 | 
	
		
			
				|  |  | +  // Send an update for identity
 | 
	
		
			
				|  |  | +  distributor->SetKeyMaterials("identity", kRootCert2, MakeKeyCertPairsType1());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_certs(), kRootCert1);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType1());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->identity_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +TEST(XdsCertificateProviderTest,
 | 
	
		
			
				|  |  | +     RootCertDistributorSameAsIdentityCertDistributorSameCertNames) {
 | 
	
		
			
				|  |  | +  auto distributor = MakeRefCounted<grpc_tls_certificate_distributor>();
 | 
	
		
			
				|  |  | +  XdsCertificateProvider provider("", distributor, "", distributor);
 | 
	
		
			
				|  |  | +  auto* watcher = new TestCertificatesWatcher;
 | 
	
		
			
				|  |  | +  provider.distributor()->WatchTlsCertificates(
 | 
	
		
			
				|  |  | +      std::unique_ptr<TestCertificatesWatcher>(watcher), "", "");
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_certs(), absl::nullopt);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->key_cert_pairs(), absl::nullopt);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->identity_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  // Update both root certs and identity certs
 | 
	
		
			
				|  |  | +  distributor->SetKeyMaterials("", kRootCert1, MakeKeyCertPairsType1());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_certs(), kRootCert1);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType1());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->identity_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  // Second update for just root certs
 | 
	
		
			
				|  |  | +  distributor->SetKeyMaterials("", kRootCert2, absl::nullopt);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_certs(), kRootCert2);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType1());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->identity_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  // Second update for identity certs
 | 
	
		
			
				|  |  | +  distributor->SetKeyMaterials("", absl::nullopt, MakeKeyCertPairsType2());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_certs(), kRootCert2);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType2());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->identity_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  // Set error for root
 | 
	
		
			
				|  |  | +  distributor->SetErrorForCert(
 | 
	
		
			
				|  |  | +      "", GRPC_ERROR_CREATE_FROM_STATIC_STRING(kRootErrorMessage),
 | 
	
		
			
				|  |  | +      absl::nullopt);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_certs(), kRootCert2);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType2());
 | 
	
		
			
				|  |  | +  EXPECT_THAT(grpc_error_string(watcher->root_cert_error()),
 | 
	
		
			
				|  |  | +              ::testing::HasSubstr(kRootErrorMessage));
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->identity_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  // Set error for identity
 | 
	
		
			
				|  |  | +  distributor->SetErrorForCert(
 | 
	
		
			
				|  |  | +      "", absl::nullopt,
 | 
	
		
			
				|  |  | +      GRPC_ERROR_CREATE_FROM_STATIC_STRING(kIdentityErrorMessage));
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_certs(), kRootCert2);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType2());
 | 
	
		
			
				|  |  | +  EXPECT_THAT(grpc_error_string(watcher->root_cert_error()),
 | 
	
		
			
				|  |  | +              ::testing::HasSubstr(kRootErrorMessage));
 | 
	
		
			
				|  |  | +  EXPECT_THAT(grpc_error_string(watcher->identity_cert_error()),
 | 
	
		
			
				|  |  | +              ::testing::HasSubstr(kIdentityErrorMessage));
 | 
	
		
			
				|  |  | +  // Send an update for root
 | 
	
		
			
				|  |  | +  distributor->SetKeyMaterials("", kRootCert1, absl::nullopt);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_certs(), kRootCert1);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType2());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  EXPECT_THAT(grpc_error_string(watcher->identity_cert_error()),
 | 
	
		
			
				|  |  | +              ::testing::HasSubstr(kIdentityErrorMessage));
 | 
	
		
			
				|  |  | +  // Send an update for identity
 | 
	
		
			
				|  |  | +  distributor->SetKeyMaterials("", absl::nullopt, MakeKeyCertPairsType1());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_certs(), kRootCert1);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType1());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->identity_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +TEST(XdsCertificateProviderTest, SwapOutDistributorsMultipleTimes) {
 | 
	
		
			
				|  |  | +  auto distributor = MakeRefCounted<grpc_tls_certificate_distributor>();
 | 
	
		
			
				|  |  | +  distributor->SetKeyMaterials("", kRootCert1, MakeKeyCertPairsType1());
 | 
	
		
			
				|  |  | +  XdsCertificateProvider provider("", nullptr, "", nullptr);
 | 
	
		
			
				|  |  | +  auto* watcher = new TestCertificatesWatcher;
 | 
	
		
			
				|  |  | +  provider.distributor()->WatchTlsCertificates(
 | 
	
		
			
				|  |  | +      std::unique_ptr<TestCertificatesWatcher>(watcher), "", "");
 | 
	
		
			
				|  |  | +  // Initially there are no certificate providers.
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_certs(), absl::nullopt);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->key_cert_pairs(), absl::nullopt);
 | 
	
		
			
				|  |  | +  EXPECT_THAT(grpc_error_string(watcher->root_cert_error()),
 | 
	
		
			
				|  |  | +              ::testing::HasSubstr(
 | 
	
		
			
				|  |  | +                  "No certificate provider available for root certificates"));
 | 
	
		
			
				|  |  | +  EXPECT_THAT(
 | 
	
		
			
				|  |  | +      grpc_error_string(watcher->identity_cert_error()),
 | 
	
		
			
				|  |  | +      ::testing::HasSubstr(
 | 
	
		
			
				|  |  | +          "No certificate provider available for identity certificates"));
 | 
	
		
			
				|  |  | +  // Update root cert distributor.
 | 
	
		
			
				|  |  | +  provider.UpdateRootCertNameAndDistributor("", distributor);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_certs(), kRootCert1);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->key_cert_pairs(), absl::nullopt);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  EXPECT_THAT(
 | 
	
		
			
				|  |  | +      grpc_error_string(watcher->identity_cert_error()),
 | 
	
		
			
				|  |  | +      ::testing::HasSubstr(
 | 
	
		
			
				|  |  | +          "No certificate provider available for identity certificates"));
 | 
	
		
			
				|  |  | +  // Update identity cert distributor
 | 
	
		
			
				|  |  | +  provider.UpdateIdentityCertNameAndDistributor("", distributor);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_certs(), kRootCert1);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType1());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->identity_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  // Update both root and identity certs
 | 
	
		
			
				|  |  | +  distributor->SetKeyMaterials("", kRootCert2, MakeKeyCertPairsType2());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_certs(), kRootCert2);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType2());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->identity_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  // Set error for both root and identity
 | 
	
		
			
				|  |  | +  distributor->SetErrorForCert(
 | 
	
		
			
				|  |  | +      "", GRPC_ERROR_CREATE_FROM_STATIC_STRING(kRootErrorMessage),
 | 
	
		
			
				|  |  | +      GRPC_ERROR_CREATE_FROM_STATIC_STRING(kIdentityErrorMessage));
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_certs(), kRootCert2);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType2());
 | 
	
		
			
				|  |  | +  EXPECT_THAT(grpc_error_string(watcher->root_cert_error()),
 | 
	
		
			
				|  |  | +              ::testing::HasSubstr(kRootErrorMessage));
 | 
	
		
			
				|  |  | +  EXPECT_THAT(grpc_error_string(watcher->identity_cert_error()),
 | 
	
		
			
				|  |  | +              ::testing::HasSubstr(kIdentityErrorMessage));
 | 
	
		
			
				|  |  | +  // Send an update again
 | 
	
		
			
				|  |  | +  distributor->SetKeyMaterials("", kRootCert1, MakeKeyCertPairsType1());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_certs(), kRootCert1);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType1());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->identity_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  // Remove root cert provider
 | 
	
		
			
				|  |  | +  provider.UpdateRootCertNameAndDistributor("", nullptr);
 | 
	
		
			
				|  |  | +  distributor->SetKeyMaterials("", kRootCert2, MakeKeyCertPairsType2());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_certs(), kRootCert1);  // not updated
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType2());
 | 
	
		
			
				|  |  | +  EXPECT_THAT(grpc_error_string(watcher->root_cert_error()),
 | 
	
		
			
				|  |  | +              ::testing::HasSubstr(
 | 
	
		
			
				|  |  | +                  "No certificate provider available for root certificates"));
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->identity_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  // Remove identity cert provider too
 | 
	
		
			
				|  |  | +  provider.UpdateIdentityCertNameAndDistributor("", nullptr);
 | 
	
		
			
				|  |  | +  distributor->SetKeyMaterials("", kRootCert1, MakeKeyCertPairsType1());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_certs(), kRootCert1);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType2());  // not updated
 | 
	
		
			
				|  |  | +  EXPECT_THAT(grpc_error_string(watcher->root_cert_error()),
 | 
	
		
			
				|  |  | +              ::testing::HasSubstr(
 | 
	
		
			
				|  |  | +                  "No certificate provider available for root certificates"));
 | 
	
		
			
				|  |  | +  EXPECT_THAT(
 | 
	
		
			
				|  |  | +      grpc_error_string(watcher->identity_cert_error()),
 | 
	
		
			
				|  |  | +      ::testing::HasSubstr(
 | 
	
		
			
				|  |  | +          "No certificate provider available for identity certificates"));
 | 
	
		
			
				|  |  | +  // Change certificate names being watched, without any certificate updates.
 | 
	
		
			
				|  |  | +  provider.UpdateRootCertNameAndDistributor("root", distributor);
 | 
	
		
			
				|  |  | +  provider.UpdateIdentityCertNameAndDistributor("identity", distributor);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_certs(), kRootCert1);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType2());
 | 
	
		
			
				|  |  | +  EXPECT_THAT(grpc_error_string(watcher->root_cert_error()),
 | 
	
		
			
				|  |  | +              ::testing::HasSubstr(
 | 
	
		
			
				|  |  | +                  "No certificate provider available for root certificates"));
 | 
	
		
			
				|  |  | +  EXPECT_THAT(
 | 
	
		
			
				|  |  | +      grpc_error_string(watcher->identity_cert_error()),
 | 
	
		
			
				|  |  | +      ::testing::HasSubstr(
 | 
	
		
			
				|  |  | +          "No certificate provider available for identity certificates"));
 | 
	
		
			
				|  |  | +  // Send out certificate updates.
 | 
	
		
			
				|  |  | +  distributor->SetKeyMaterials("root", kRootCert2, absl::nullopt);
 | 
	
		
			
				|  |  | +  distributor->SetKeyMaterials("identity", absl::nullopt,
 | 
	
		
			
				|  |  | +                               MakeKeyCertPairsType1());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_certs(), kRootCert2);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType1());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->identity_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  // Swap in new certificate distributors with different certificate names and
 | 
	
		
			
				|  |  | +  // existing updates.
 | 
	
		
			
				|  |  | +  auto root_cert_distributor =
 | 
	
		
			
				|  |  | +      MakeRefCounted<grpc_tls_certificate_distributor>();
 | 
	
		
			
				|  |  | +  auto identity_cert_distributor =
 | 
	
		
			
				|  |  | +      MakeRefCounted<grpc_tls_certificate_distributor>();
 | 
	
		
			
				|  |  | +  provider.UpdateRootCertNameAndDistributor("root", root_cert_distributor);
 | 
	
		
			
				|  |  | +  provider.UpdateIdentityCertNameAndDistributor("identity",
 | 
	
		
			
				|  |  | +                                                identity_cert_distributor);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_certs(), kRootCert2);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType1());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->identity_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  // Change certificate names without any certificate updates.
 | 
	
		
			
				|  |  | +  provider.UpdateRootCertNameAndDistributor("test", root_cert_distributor);
 | 
	
		
			
				|  |  | +  provider.UpdateIdentityCertNameAndDistributor("test",
 | 
	
		
			
				|  |  | +                                                identity_cert_distributor);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_certs(), kRootCert2);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType1());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->identity_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  // Send out certificate updates.
 | 
	
		
			
				|  |  | +  root_cert_distributor->SetKeyMaterials("test", kRootCert1,
 | 
	
		
			
				|  |  | +                                         MakeKeyCertPairsType1());
 | 
	
		
			
				|  |  | +  identity_cert_distributor->SetKeyMaterials("test", kRootCert2,
 | 
	
		
			
				|  |  | +                                             MakeKeyCertPairsType2());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_certs(), kRootCert1);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType2());
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->root_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +  EXPECT_EQ(watcher->identity_cert_error(), GRPC_ERROR_NONE);
 | 
	
		
			
				|  |  | +}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +TEST(XdsCertificateProviderTest, CertificateNameNotEmpty) {
 | 
	
		
			
				|  |  | +  XdsCertificateProvider provider("", nullptr, "", nullptr);
 | 
	
		
			
				|  |  | +  auto* watcher = new TestCertificatesWatcher;
 | 
	
		
			
				|  |  | +  provider.distributor()->WatchTlsCertificates(
 | 
	
		
			
				|  |  | +      std::unique_ptr<TestCertificatesWatcher>(watcher), "test", "test");
 | 
	
		
			
				|  |  | +  EXPECT_THAT(grpc_error_string(watcher->root_cert_error()),
 | 
	
		
			
				|  |  | +              ::testing::HasSubstr("Illegal certificate name: \'test\'"));
 | 
	
		
			
				|  |  | +  EXPECT_THAT(grpc_error_string(watcher->identity_cert_error()),
 | 
	
		
			
				|  |  | +              ::testing::HasSubstr("Illegal certificate name: \'test\'"));
 | 
	
		
			
				|  |  | +}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +}  // namespace
 | 
	
		
			
				|  |  | +}  // namespace testing
 | 
	
		
			
				|  |  | +}  // namespace grpc_core
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +int main(int argc, char** argv) {
 | 
	
		
			
				|  |  | +  ::testing::InitGoogleTest(&argc, argv);
 | 
	
		
			
				|  |  | +  grpc::testing::TestEnvironment env(argc, argv);
 | 
	
		
			
				|  |  | +  grpc_init();
 | 
	
		
			
				|  |  | +  auto result = RUN_ALL_TESTS();
 | 
	
		
			
				|  |  | +  grpc_shutdown();
 | 
	
		
			
				|  |  | +  return result;
 | 
	
		
			
				|  |  | +}
 |