Add an option to set 'certificateVerification' to the client builder (#980)

glbrntt · web-flow · commit e2e138df61dc · 2020-09-30T16:44:14.000+01:00
Motivation:

We allow users to set the `certificateVerification` if they configure
their client directly using `ClientConnection.Configuration` but not via
the builder API.

Modifications:

- Add `withTLS(certificateVerification:)` to the client connection builder.
  (The same option is already available on the server builder)

Result:

Users can set the certificate verification mode on the client builder.
diff --git a/Sources/GRPC/GRPCChannel/GRPCChannelBuilder.swift b/Sources/GRPC/GRPCChannel/GRPCChannelBuilder.swift
@@ -227,6 +227,14 @@ extension ClientConnection.Builder.Secure {
     self.tls.trustRoots = trustRoots
     return self
   }
+
+  /// Whether to verify remote certificates. Defaults to `.fullVerification` if not otherwise
+  /// configured.
+  @discardableResult
+  public func withTLS(certificateVerification: CertificateVerification) -> Self {
+    self.tls.certificateVerification = certificateVerification
+    return self
+  }
 }
 
 extension ClientConnection.Builder {
diff --git a/Tests/GRPCTests/ClientTLSTests.swift b/Tests/GRPCTests/ClientTLSTests.swift
@@ -111,4 +111,29 @@ class ClientTLSHostnameOverrideTests: GRPCTestCase {
 
     try self.doTestUnary()
   }
+
+  func testTLSWithNoCertificateVerification() throws {
+    self.server = try Server.secure(
+      group: self.eventLoopGroup,
+      certificateChain: [SampleCertificate.server.certificate],
+      privateKey: SamplePrivateKey.server
+    )
+    .withServiceProviders([EchoProvider()])
+    .withLogger(self.serverLogger)
+    .bind(host: "localhost", port: 0)
+    .wait()
+
+    guard let port = self.server.channel.localAddress?.port else {
+      XCTFail("could not get server port")
+      return
+    }
+
+    self.connection = ClientConnection.secure(group: self.eventLoopGroup)
+      .withTLS(trustRoots: .certificates([]))
+      .withTLS(certificateVerification: .none)
+      .withBackgroundActivityLogger(self.clientLogger)
+      .connect(host: "localhost", port: port)
+
+    try self.doTestUnary()
+  }
 }
diff --git a/Tests/GRPCTests/XCTestManifests.swift b/Tests/GRPCTests/XCTestManifests.swift
@@ -96,6 +96,7 @@ extension ClientTLSHostnameOverrideTests {
     // to regenerate.
     static let __allTests__ClientTLSHostnameOverrideTests = [
         ("testTLSWithHostnameOverride", testTLSWithHostnameOverride),
+        ("testTLSWithNoCertificateVerification", testTLSWithNoCertificateVerification),
         ("testTLSWithoutHostnameOverride", testTLSWithoutHostnameOverride),
     ]
 }

Original file line number	Diff line number	Diff line change
`@@ -227,6 +227,14 @@ extension ClientConnection.Builder.Secure {`
`227`	`227`	`self.tls.trustRoots = trustRoots`
`228`	`228`	`return self`
`229`	`229`	`}`
	`230`	`+`
	`231`	+ /// Whether to verify remote certificates. Defaults to `.fullVerification` if not otherwise
	`232`	`+ /// configured.`
	`233`	`+ @discardableResult`
	`234`	`+ public func withTLS(certificateVerification: CertificateVerification) -> Self {`
	`235`	`+ self.tls.certificateVerification = certificateVerification`
	`236`	`+ return self`
	`237`	`+ }`
`230`	`238`	`}`
`231`	`239`
`232`	`240`	`extension ClientConnection.Builder {`
Original file line number	Diff line number	Diff line change
`@@ -96,6 +96,7 @@ extension ClientTLSHostnameOverrideTests {`
`96`	`96`	`// to regenerate.`
`97`	`97`	`static let __allTests__ClientTLSHostnameOverrideTests = [`
`98`	`98`	`("testTLSWithHostnameOverride", testTLSWithHostnameOverride),`
	`99`	`+ ("testTLSWithNoCertificateVerification", testTLSWithNoCertificateVerification),`
`99`	`100`	`("testTLSWithoutHostnameOverride", testTLSWithoutHostnameOverride),`
`100`	`101`	`]`
`101`	`102`	`}`