Changes.

Author: kannanjgithub

api/src/main/java/io/grpc/ManagedChannelRegistry.java

@@ -181,21 +181,21 @@ ManagedChannelBuilder<?> newChannelBuilder(NameResolverRegistry nameResolverRegi
           + "artifact");
     }
     StringBuilder error = new StringBuilder();
-    for (ManagedChannelProvider provider : providers()) {
-      Collection<Class<? extends SocketAddress>> channelProviderSocketAddressTypes
-          = provider.getSupportedSocketAddressTypes();
-      if (!channelProviderSocketAddressTypes.containsAll(nameResolverSocketAddressTypes)) {
-        error.append("; ");
-        error.append(provider.getClass().getName());
-        error.append(": does not support 1 or more of ");
-        error.append(Arrays.toString(nameResolverSocketAddressTypes.toArray()));
-        continue;
-      }
-      ManagedChannelProvider.NewChannelBuilderResult result
-          = provider.newChannelBuilder(target, creds);
-      if (result.getChannelBuilder() != null) {
-        return result.getChannelBuilder();
-      }
+      for (ManagedChannelProvider provider : providers()) {
+        Collection<Class<? extends SocketAddress>> channelProviderSocketAddressTypes
+            = provider.getSupportedSocketAddressTypes();
+        if (!channelProviderSocketAddressTypes.containsAll(nameResolverSocketAddressTypes)) {
+          error.append("; ");
+          error.append(provider.getClass().getName());
+          error.append(": does not support 1 or more of ");
+          error.append(Arrays.toString(nameResolverSocketAddressTypes.toArray()));
+          continue;
+        }
+        ManagedChannelProvider.NewChannelBuilderResult result
+            = provider.newChannelBuilder(target, creds);
+        if (result.getChannelBuilder() != null) {
+          return result.getChannelBuilder();
+        }
       error.append("; ");
       error.append(provider.getClass().getName());
       error.append(": ");

examples/example-tls/build.gradle

@@ -28,6 +28,8 @@ def grpcVersion = '1.69.0-SNAPSHOT' // CURRENT_GRPC_VERSION
 def protocVersion = '3.25.5'
 
 dependencies {
+    implementation "io.grpc:grpc-api:${grpcVersion}"
+    implementation "io.grpc:grpc-okhttp:${grpcVersion}"
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"
     implementation "io.grpc:grpc-stub:${grpcVersion}"
     compileOnly "org.apache.tomcat:annotations-api:6.0.53"
@@ -74,8 +76,6 @@ application {
     applicationDistribution.into('bin') {
         from(helloWorldTlsServer)
         from(helloWorldTlsClient)
-        filePermissions {
-            unix(0755)
-        }
+        fileMode = 0755
     }
 }

examples/example-tls/src/main/java/io/grpc/examples/helloworldtls/HelloWorldClientTls.java

@@ -18,6 +18,7 @@
 
 import io.grpc.Channel;
 import io.grpc.Grpc;
+import io.grpc.okhttp.OkHttpChannelBuilder;
 import io.grpc.ManagedChannel;
 import io.grpc.StatusRuntimeException;
 import io.grpc.TlsChannelCredentials;
@@ -52,7 +53,9 @@ public void greet(String name) {
         HelloRequest request = HelloRequest.newBuilder().setName(name).build();
         HelloReply response;
         try {
-            response = blockingStub.sayHello(request);
+            response = io.grpc.stub.ClientCalls.blockingUnaryCall(
+                blockingStub.getChannel(), GreeterGrpc.getSayHelloMethod(),
+                blockingStub.getCallOptions().withAuthority("foo.test.google.in"), request);
         } catch (StatusRuntimeException e) {
             logger.log(Level.WARNING, "RPC failed: {0}", e.getStatus());
             return;
@@ -87,7 +90,7 @@ public static void main(String[] args) throws Exception {
         }
         String host = args[0];
         int port = Integer.parseInt(args[1]);
-        ManagedChannel channel = Grpc.newChannelBuilderForAddress(host, port, tlsBuilder.build())
+        ManagedChannel channel = OkHttpChannelBuilder.forAddress(host, port, tlsBuilder.build())
                 /* Only for using provided test certs. */
                 .overrideAuthority("foo.test.google.fr")
                 .build();

okhttp/src/main/java/io/grpc/okhttp/OkHttpChannelBuilder.java

@@ -92,7 +92,7 @@ public final class OkHttpChannelBuilder extends ForwardingChannelBuilder2<OkHttp
   public static final int DEFAULT_FLOW_CONTROL_WINDOW = 65535;
 
   private final ManagedChannelImplBuilder managedChannelImplBuilder;
-  private final ChannelCredentials channelCrentials;
+  private final ChannelCredentials channelCredentials;
   private TransportTracer.Factory transportTracerFactory = TransportTracer.getDefaultFactory();
 
 
@@ -210,6 +210,7 @@ private OkHttpChannelBuilder(String target) {
         new OkHttpChannelTransportFactoryBuilder(),
         new OkHttpChannelDefaultPortProvider());
     this.freezeSecurityConfiguration = false;
+    this.channelCredentials = null;
   }
 
   OkHttpChannelBuilder(
@@ -222,7 +223,7 @@ private OkHttpChannelBuilder(String target) {
     this.sslSocketFactory = factory;
     this.negotiationType = factory == null ? NegotiationType.PLAINTEXT : NegotiationType.TLS;
     this.freezeSecurityConfiguration = true;
-    this.channelCrentials = channelCreds;
+    this.channelCredentials = channelCreds;
   }
 
   private final class OkHttpChannelTransportFactoryBuilder
@@ -905,7 +906,8 @@ public SwapChannelCredentialsResult swapChannelCredentials(ChannelCredentials ch
           keepAliveWithoutCalls,
           maxInboundMetadataSize,
           transportTracerFactory,
-          useGetForSafeMethods, managedChannelImplBuilder.getChannelCredentials());
+          useGetForSafeMethods,
+          channelCredentials);
       return new SwapChannelCredentialsResult(factory, result.callCredentials);
     }
 

okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java

@@ -114,6 +114,7 @@
 import javax.net.ssl.ExtendedSSLSession;
 import javax.net.ssl.HandshakeCompletedListener;
 import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLParameters;
 import javax.net.ssl.SSLPeerUnverifiedException;
 import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLSessionContext;
@@ -231,7 +232,8 @@ private static Map<ErrorCode, Status> buildErrorCodeToStatusMap() {
   private final boolean useGetForSafeMethods;
   @GuardedBy("lock")
   private final TransportTracer transportTracer;
-  private final ConcurrentHashMap<String, Boolean> authoritiesAllowedForPeer = new ConcurrentHashMap<>();
+  private final ConcurrentHashMap<String, Boolean> authoritiesAllowedForPeer =
+      new ConcurrentHashMap<>();
 
   @GuardedBy("lock")
   private final InUseStateAggregator<OkHttpClientStream> inUseState =
@@ -429,7 +431,8 @@ public ClientStream newStream(
     Preconditions.checkNotNull(headers, "headers");
     StatsTraceContext statsTraceContext =
         StatsTraceContext.newClientContext(tracers, getAttributes(), headers);
-    if (socket instanceof SSLSocket && callOptions.getAuthority() != null && channelCredentials != null && channelCredentials instanceof TlsChannelCredentials) {
+    if (socket instanceof SSLSocket && callOptions.getAuthority() != null
+        && channelCredentials != null && channelCredentials instanceof TlsChannelCredentials) {
       boolean isAuthorityValid;
       if (authoritiesAllowedForPeer.containsKey(callOptions.getAuthority())) {
         isAuthorityValid = authoritiesAllowedForPeer.get(callOptions.getAuthority());
@@ -446,8 +449,8 @@ public ClientStream newStream(
         }
         if (!x509ExtendedTrustManager.isPresent()) {
           return new FailingClientStream(Status.INTERNAL.withDescription(
-              "Can't allow authority override in rpc when X509ExtendedTrustManager is not available"),
-              tracers);
+              "Can't allow authority override in rpc when X509ExtendedTrustManager is not "
+                  + "available"), tracers);
         }
         try {
           Certificate[] peerCertificates = sslSession.getPeerCertificates();
@@ -495,8 +498,8 @@ private Optional<TrustManager> getX509ExtendedTrustManager(TlsChannelCredentials
       x509ExtendedTrustManager = tlsCreds.getTrustManagers().stream().filter(
           trustManager -> trustManager instanceof X509ExtendedTrustManager).findFirst();
     } else if (tlsCreds.getRootCertificates() != null) {
-      x509ExtendedTrustManager = CertificateUtils.getX509ExtendedTrustManager(new ByteArrayInputStream(
-          tlsCreds.getRootCertificates()));
+      x509ExtendedTrustManager = CertificateUtils.getX509ExtendedTrustManager(
+          new ByteArrayInputStream(tlsCreds.getRootCertificates()));
     } else { // else use system default
       TrustManagerFactory tmf = TrustManagerFactory.getInstance(
           TrustManagerFactory.getDefaultAlgorithm());
@@ -1573,6 +1576,13 @@ public boolean isConnected() {
       return sslSocket.isConnected();
     }
 
+    @Override
+    public SSLParameters getSSLParameters() {
+      SSLParameters sslParameters = sslSocket.getSSLParameters();
+      sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
+      return sslParameters;
+    }
+
     @Override
     public String[] getSupportedCipherSuites() {
       return new String[0];
@@ -1669,7 +1679,7 @@ public boolean getEnableSessionCreation() {
   /**
    * Fake SSLSession instance that provides the peer host name to verify for per-rpc check.
    */
-  static class FakeSslSession extends ExtendedSSLSession {
+  static class FakeSslSession implements SSLSession {
 
     private final String peerHost;
 
@@ -1683,8 +1693,9 @@ public String getPeerHost() {
     }
 
     @SuppressWarnings("deprecation")
-    public javax.security.cert.X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException {
-      throw new UnsupportedOperationException("This method is deprecated and marked for removal. Use the getPeerCertificates() method instead.");
+    public javax.security.cert.X509Certificate[] getPeerCertificateChain() {
+      throw new UnsupportedOperationException("This method is deprecated and marked for removal. "
+          + "Use the getPeerCertificates() method instead.");
     }
 
     @Override
@@ -1781,15 +1792,5 @@ public int getPacketBufferSize() {
     public int getApplicationBufferSize() {
       return 0;
     }
-
-    @Override
-    public String[] getLocalSupportedSignatureAlgorithms() {
-      return new String[0];
-    }
-
-    @Override
-    public String[] getPeerSupportedSignatureAlgorithms() {
-      return new String[0];
-    }
   }
 }