grpc-native: Add overrideAuthority on native

Signed-off-by: Johannes Zottele <[email protected]>

Author: Jozott00

grpc/grpc-core/src/commonTest/kotlin/kotlinx/rpc/grpc/test/proto/GrpcbInTlsTest.kt renamed to grpc/grpc-core/src/commonTest/kotlin/kotlinx/rpc/grpc/test/certs.kt

@@ -2,135 +2,11 @@
  * Copyright 2023-2025 JetBrains s.r.o and contributors. Use of this source code is governed by the Apache 2.0 license.
  */
 
-package kotlinx.rpc.grpc.test.proto
+package kotlinx.rpc.grpc.test
 
-import hello.HelloRequest
-import hello.HelloService
-import hello.invoke
-import kotlinx.coroutines.test.runTest
-import kotlinx.rpc.grpc.GrpcClient
-import kotlinx.rpc.grpc.GrpcServer
-import kotlinx.rpc.grpc.TlsChannelCredentials
-import kotlinx.rpc.grpc.TlsClientAuth
-import kotlinx.rpc.grpc.TlsServerCredentials
-import kotlinx.rpc.grpc.test.EchoRequest
-import kotlinx.rpc.grpc.test.EchoService
-import kotlinx.rpc.grpc.test.EchoServiceImpl
-import kotlinx.rpc.grpc.test.invoke
-import kotlinx.rpc.registerService
-import kotlinx.rpc.withService
-import kotlin.test.Test
+// Certs are taken from grpc-java/testing/src/main/resources/certs
 
-private const val PORT = 50051
-
-class GrpcbInTlsTest {
-
-
-    @Test
-    fun testTlsCall() = runTest {
-        // uses default TLS credentials
-        val grpcClient = GrpcClient("grpcb.in", 9001)
-        val service = grpcClient.withService<HelloService>()
-        val request = HelloRequest {
-            greeting = "Postman"
-        }
-        val result = service.SayHello(request)
-
-        println(result.reply)
-
-        // Ensure we don't leak the client channel between tests
-        grpcClient.shutdown()
-        grpcClient.awaitTermination()
-    }
-
-
-    @Test
-    fun testCustomTls() = runTest {
-        val serverTls = TlsServerCredentials(SERVER_CERT_PEM, SERVER_KEY_PEM)
-
-        val grpcServer = GrpcServer(
-            PORT,
-            credentials = serverTls,
-            builder = {
-                registerService<EchoService> { EchoServiceImpl() }
-            })
-        grpcServer.start()
-
-        val clientTls = TlsChannelCredentials {
-            trustManager(SERVER_CERT_PEM)
-        }
-
-        val grpcClient = GrpcClient(
-            "localhost", PORT,
-            credentials = clientTls,
-        ) {}
-
-        val service = grpcClient.withService<EchoService>()
-        val request = EchoRequest {
-            message = "Postman"
-        }
-
-        try {
-            service.UnaryEcho(request)
-        } catch (t: Throwable) {
-            println("[DEBUG_LOG] TLS test failed: ${t::class.simpleName}: ${t.message}")
-            t.printStackTrace()
-            throw t
-        } finally {
-            grpcServer.shutdown()
-            grpcServer.awaitTermination()
-            grpcClient.shutdown()
-            grpcClient.awaitTermination()
-        }
-    }
-
-    @Test
-    fun testCustomMTls() = runTest {
-        val serverTls = TlsServerCredentials(SERVER_CERT_PEM, SERVER_KEY_PEM) {
-            trustManager(CA_PEM)
-            clientAuth(TlsClientAuth.REQUIRE)
-        }
-
-        val grpcServer = GrpcServer(
-            PORT,
-            credentials = serverTls,
-            builder = {
-                registerService<EchoService> { EchoServiceImpl() }
-            })
-        grpcServer.start()
-
-        val clientTls = TlsChannelCredentials {
-            keyManager(CLIENT_CERT_PEM, CLIENT_KEY_PEM)
-            trustManager(CA_PEM)
-        }
-
-        val grpcClient = GrpcClient(
-            "localhost", PORT,
-            credentials = clientTls,
-        ) {
-            overrideAuthority("foo.test.google.fr")
-        }
-
-        val service = grpcClient.withService<EchoService>()
-        val request = EchoRequest {
-            message = "Postman"
-        }
-
-        try {
-            service.UnaryEcho(request)
-        } catch (t: Throwable) {
-            println("[DEBUG_LOG] TLS test failed: ${t::class.simpleName}: ${t.message}")
-            t.printStackTrace()
-            throw t
-        } finally {
-            grpcServer.shutdown()
-            grpcServer.awaitTermination()
-            grpcClient.shutdown()
-            grpcClient.awaitTermination()
-        }
-    }
-
-    private val CA_PEM = """
+val CA_PEM = """
     -----BEGIN CERTIFICATE-----
     MIIDWjCCAkKgAwIBAgIUWrP0VvHcy+LP6UuYNtiL9gBhD5owDQYJKoZIhvcNAQEL
     BQAwVjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
@@ -153,7 +29,7 @@ class GrpcbInTlsTest {
     -----END CERTIFICATE-----
     """.trimIndent()
 
-    private val SERVER_CERT_PEM = """
+val SERVER_CERT_PEM = """
     -----BEGIN CERTIFICATE-----
     MIIDtDCCApygAwIBAgIUbJfTREJ6k6/+oInWhV1O1j3ZT0IwDQYJKoZIhvcNAQEL
     BQAwVjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
@@ -178,7 +54,7 @@ class GrpcbInTlsTest {
     -----END CERTIFICATE-----
     """.trimIndent()
 
-    private val SERVER_KEY_PEM = """
+val SERVER_KEY_PEM = """
     -----BEGIN PRIVATE KEY-----
     MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDnE443EknxvxBq
     6+hvn/t09hl8hx366EBYvZmVM/NC+7igXRAjiJiA/mIaCvL3MS0Iz5hBLxSGICU+
@@ -209,7 +85,7 @@ class GrpcbInTlsTest {
     -----END PRIVATE KEY-----
     """.trimIndent()
 
-    private val CLIENT_CERT_PEM = """
+val CLIENT_CERT_PEM = """
     -----BEGIN CERTIFICATE-----
     MIIDNzCCAh8CFGyX00RCepOv/qCJ1oVdTtY92U83MA0GCSqGSIb3DQEBCwUAMFYx
     CzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRl
@@ -232,7 +108,7 @@ class GrpcbInTlsTest {
     -----END CERTIFICATE-----
     """.trimIndent()
 
-    private val CLIENT_KEY_PEM = """
+val CLIENT_KEY_PEM = """
     -----BEGIN PRIVATE KEY-----
     MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCyqYRp+DXVp72N
     FbQH8hdhTZLycZXOlJhmMsrJmrjn2p7pI/8mTZ/0FC+SGWBGZV+ELiHrmCX5zfaI
@@ -261,6 +137,4 @@ class GrpcbInTlsTest {
     7vztKEH85yzp4n02FNL6H7xL4VVILvyZHdolmiORJ4qT2hZnl8pEQ2TYuF4RlHUd
     nSwXX+2o0J/nF85fm4AwWKAc
     -----END PRIVATE KEY-----
-    """.trimIndent()
-
-}
+    """.trimIndent()

grpc/grpc-core/src/commonTest/kotlin/kotlinx/rpc/grpc/test/proto/GrpcProtoTest.kt

@@ -8,30 +8,46 @@ import kotlinx.coroutines.sync.Mutex
 import kotlinx.coroutines.sync.withLock
 import kotlinx.coroutines.test.runTest
 import kotlinx.rpc.RpcServer
+import kotlinx.rpc.grpc.ChannelCredentials
 import kotlinx.rpc.grpc.GrpcClient
 import kotlinx.rpc.grpc.GrpcServer
+import kotlinx.rpc.grpc.ServerCredentials
 
 abstract class GrpcProtoTest {
     private val serverMutex = Mutex()
 
     abstract fun RpcServer.registerServices()
 
-    protected fun runGrpcTest(test: suspend (GrpcClient) -> Unit) = runTest {
+    protected fun runGrpcTest(
+        serverCreds: ServerCredentials? = null,
+        clientCreds: ChannelCredentials? = null,
+        overrideAuthority: String? = null,
+        test: suspend (GrpcClient) -> Unit,
+    ) = runTest {
         serverMutex.withLock {
-            val grpcClient = GrpcClient("localhost", PORT) {
-                usePlaintext()
+            val grpcClient = GrpcClient("localhost", PORT, credentials = clientCreds) {
+                if (overrideAuthority != null) overrideAuthority(overrideAuthority)
+                if (clientCreds == null) {
+                    usePlaintext()
+                }
             }
 
-            val grpcServer = GrpcServer(PORT, builder = {
-                registerServices()
-            })
+            val grpcServer = GrpcServer(
+                PORT,
+                credentials = serverCreds,
+                builder = {
+                    registerServices()
+                })
 
             grpcServer.start()
-            test(grpcClient)
-            grpcServer.shutdown()
-            grpcServer.awaitTermination()
-            grpcClient.shutdown()
-            grpcClient.awaitTermination()
+            try {
+                test(grpcClient)
+            } finally {
+                grpcServer.shutdown()
+                grpcServer.awaitTermination()
+                grpcClient.shutdown()
+                grpcClient.awaitTermination()
+            }
         }
     }
 

grpc/grpc-core/src/commonTest/kotlin/kotlinx/rpc/grpc/test/proto/GrpcbTlsTest.kt

@@ -0,0 +1,86 @@
+/*
+ * Copyright 2023-2025 JetBrains s.r.o and contributors. Use of this source code is governed by the Apache 2.0 license.
+ */
+
+package kotlinx.rpc.grpc.test.proto
+
+import hello.HelloRequest
+import hello.HelloService
+import hello.invoke
+import kotlinx.coroutines.test.runTest
+import kotlinx.rpc.RpcServer
+import kotlinx.rpc.grpc.GrpcClient
+import kotlinx.rpc.grpc.TlsChannelCredentials
+import kotlinx.rpc.grpc.TlsClientAuth
+import kotlinx.rpc.grpc.TlsServerCredentials
+import kotlinx.rpc.grpc.test.CA_PEM
+import kotlinx.rpc.grpc.test.CLIENT_CERT_PEM
+import kotlinx.rpc.grpc.test.CLIENT_KEY_PEM
+import kotlinx.rpc.grpc.test.EchoRequest
+import kotlinx.rpc.grpc.test.EchoService
+import kotlinx.rpc.grpc.test.EchoServiceImpl
+import kotlinx.rpc.grpc.test.SERVER_CERT_PEM
+import kotlinx.rpc.grpc.test.SERVER_KEY_PEM
+import kotlinx.rpc.grpc.test.invoke
+import kotlinx.rpc.registerService
+import kotlinx.rpc.withService
+import kotlin.test.Test
+import kotlin.test.assertEquals
+
+class GrpcbTlsTest : GrpcProtoTest() {
+
+    override fun RpcServer.registerServices() {
+        registerService<EchoService> { EchoServiceImpl() }
+    }
+
+    @Test
+    fun testDefaultTlsCall() = runTest {
+        // uses default client TLS credentials
+        val grpcClient = GrpcClient("grpcb.in", 9001)
+        val service = grpcClient.withService<HelloService>()
+        val request = HelloRequest {
+            greeting = "world"
+        }
+        val result = service.SayHello(request)
+
+        assertEquals("hello world", result.reply)
+
+        // Ensure we don't leak the client channel between tests
+        grpcClient.shutdown()
+        grpcClient.awaitTermination()
+    }
+
+
+    @Test
+    fun testCustomTls() {
+        val serverTls = TlsServerCredentials(SERVER_CERT_PEM, SERVER_KEY_PEM)
+        val clientTls = TlsChannelCredentials { trustManager(SERVER_CERT_PEM) }
+
+        runGrpcTest(serverTls, clientTls, overrideAuthority = "foo.test.google.fr") { client ->
+            val service = client.withService<EchoService>()
+            val request = EchoRequest { message = "Echo" }
+            val response = service.UnaryEcho(request)
+            assertEquals("Echo", response.message)
+        }
+    }
+
+    @Test
+    fun testCustomMTls() = runTest {
+        val serverTls = TlsServerCredentials(SERVER_CERT_PEM, SERVER_KEY_PEM) {
+            trustManager(CA_PEM)
+            clientAuth(TlsClientAuth.REQUIRE)
+        }
+        val clientTls = TlsChannelCredentials {
+            keyManager(CLIENT_CERT_PEM, CLIENT_KEY_PEM)
+            trustManager(CA_PEM)
+        }
+
+        runGrpcTest(serverTls, clientTls, overrideAuthority = "foo.test.google.fr") { client ->
+            val service = client.withService<EchoService>()
+            val request = EchoRequest { message = "Echo" }
+            val response = service.UnaryEcho(request)
+            assertEquals("Echo", response.message)
+        }
+    }
+
+}

grpc/grpc-core/src/nativeMain/kotlin/kotlinx/rpc/grpc/internal/NativeManagedChannel.kt

@@ -10,6 +10,10 @@ import cnames.structs.grpc_channel
 import kotlinx.atomicfu.atomic
 import kotlinx.cinterop.CPointer
 import kotlinx.cinterop.ExperimentalForeignApi
+import kotlinx.cinterop.alloc
+import kotlinx.cinterop.cstr
+import kotlinx.cinterop.memScoped
+import kotlinx.cinterop.ptr
 import kotlinx.coroutines.CompletableDeferred
 import kotlinx.coroutines.Job
 import kotlinx.coroutines.SupervisorJob
@@ -21,6 +25,9 @@ import kotlinx.rpc.grpc.ManagedChannelPlatform
 import libkgrpc.GPR_CLOCK_REALTIME
 import libkgrpc.GRPC_PROPAGATE_DEFAULTS
 import libkgrpc.gpr_inf_future
+import libkgrpc.grpc_arg
+import libkgrpc.grpc_arg_type
+import libkgrpc.grpc_channel_args
 import libkgrpc.grpc_channel_create
 import libkgrpc.grpc_channel_create_call
 import libkgrpc.grpc_channel_destroy
@@ -55,8 +62,22 @@ internal class NativeManagedChannel(
     // the channel's completion queue, handling all request operations
     private val cq = CompletionQueue()
 
-    internal val raw: CPointer<grpc_channel> = grpc_channel_create(target, credentials.raw, null)
-        ?: error("Failed to create channel")
+    internal val raw: CPointer<grpc_channel> = memScoped {
+        val args = authority?.let {
+            var authorityOverride = alloc<grpc_arg> {
+                type = grpc_arg_type.GRPC_ARG_STRING
+                key = "grpc.ssl_target_name_override".cstr.ptr
+                value.string = authority.cstr.ptr
+            }
+
+            alloc<grpc_channel_args> {
+                num_args = 1u
+                args = authorityOverride.ptr
+            }
+        }
+        grpc_channel_create(target, credentials.raw, args?.ptr)
+            ?: error("Failed to create channel")
+    }
 
     @Suppress("unused")
     private val rawCleaner = createCleaner(raw) {
@@ -123,21 +144,19 @@ internal class NativeManagedChannel(
         // to construct a valid HTTP/2 path, we must prepend the name with a slash.
         // the user does not do this to align it with the java implementation.
         val methodNameSlice = "/$methodFullName".toGrpcSlice()
-        val authoritySlice = authority?.toGrpcSlice()
 
         val rawCall = grpc_channel_create_call(
             channel = raw,
             parent_call = null,
             propagation_mask = GRPC_PROPAGATE_DEFAULTS,
             completion_queue = cq.raw,
             method = methodNameSlice,
-            host = authoritySlice,
+            host = null,
             deadline = gpr_inf_future(GPR_CLOCK_REALTIME),
             reserved = null
         ) ?: error("Failed to create call")
 
         grpc_slice_unref(methodNameSlice)
-        authoritySlice?.let { grpc_slice_unref(it) }
 
         return NativeClientCall(
             cq, rawCall, methodDescriptor, callJob