Authority verify in Netty transport.

Author: kannanjgithub

examples/example-tls/build.gradle

@@ -30,6 +30,7 @@ def protocVersion = '3.25.5'
 dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"
     implementation "io.grpc:grpc-stub:${grpcVersion}"
+    implementation "io.grpc:grpc-api:${grpcVersion}"
     compileOnly "org.apache.tomcat:annotations-api:6.0.53"
     runtimeOnly "io.grpc:grpc-netty-shaded:${grpcVersion}"
 }

netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java

@@ -602,7 +602,6 @@ protected void userEventTriggered0(ChannelHandlerContext ctx, Object evt) throws
   static final class ClientTlsProtocolNegotiator implements ProtocolNegotiator {
 
     private SSLEngine sslEngine;
-    private SSLSession sslHandshakeSession;
 
     public ClientTlsProtocolNegotiator(SslContext sslContext,
         ObjectPool<? extends Executor> executorPool, Optional<Runnable> handshakeCompleteRunnable,
@@ -664,7 +663,6 @@ public void verifyAuthorityAllowedForPeerCert(String authority)
 
     public void setSslEngine(SSLEngine sslEngine) {
       this.sslEngine = sslEngine;
-      this.sslHandshakeSession = sslEngine.getHandshakeSession();
     }
   }
 
@@ -1223,13 +1221,7 @@ public String getPeerHost() {
 
     @Override
     public SSLSession getHandshakeSession() {
-      List<byte[]> statusResponses;
-      if (sslEngine.getHandshakeSession() instanceof ExtendedSSLSession) {
-        statusResponses = ((ExtendedSSLSession) sslEngine.getHandshakeSession()).getStatusResponses();
-      } else {
-        statusResponses = Collections.<byte[]>emptyList();
-      }
-      return new FakeExtendedSSLSession(peerHost, statusResponses);
+      return new FakeSSLSession(peerHost);
     }
 
     @Override
@@ -1360,54 +1352,28 @@ public boolean getEnableSessionCreation() {
     }
   }
 
-  static class FakeExtendedSSLSession extends ExtendedSSLSession {
+  static class FakeSSLSession implements SSLSession {
     private final String peerHost;
-    private final List<byte[]> statusResponses;
 
-    FakeExtendedSSLSession(String peerHost, List<byte[]> statusResponses) {
+    FakeSSLSession(String peerHost) {
       this.peerHost = peerHost;
-      this.statusResponses = statusResponses;
     }
 
     @Override
-    public String getPeerHost() {
-      return peerHost;
+    public byte[] getId() {
+      return new byte[0];
     }
 
     @Override
-    public List<SNIServerName> getRequestedServerNames() {
-      return Collections.<SNIServerName>emptyList();
-    }
-
-    public List<byte[]> getStatusResponses() {
-      return statusResponses;
+    public SSLSessionContext getSessionContext() {
+      return null;
     }
 
     @Override
     public javax.security.cert.X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException {
       throw new UnsupportedOperationException("This method is deprecated and marked for removal. Use the getPeerCertificates() method instead.");
     }
 
-    @Override
-    public String[] getLocalSupportedSignatureAlgorithms() {
-      return new String[0];
-    }
-
-    @Override
-    public String[] getPeerSupportedSignatureAlgorithms() {
-      return new String[0];
-    }
-
-    @Override
-    public byte[] getId() {
-      return new byte[0];
-    }
-
-    @Override
-    public SSLSessionContext getSessionContext() {
-      return null;
-    }
-
     @Override
     public long getCreationTime() {
       return 0;
@@ -1478,6 +1444,11 @@ public String getProtocol() {
       return null;
     }
 
+    @Override
+    public String getPeerHost() {
+      return peerHost;
+    }
+
     @Override
     public int getPeerPort() {
       return 0;

netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java

@@ -951,7 +951,7 @@ private static class Rpc {
 
     Rpc(NettyClientTransport transport, Metadata headers) {
       stream = transport.newStream(
-          METHOD, headers, CallOptions.DEFAULT,
+          METHOD, headers, CallOptions.DEFAULT.withAuthority("wrong-authority"),
           new ClientStreamTracer[]{ new ClientStreamTracer() {} });
       stream.start(listener);
       stream.request(1);