
Commit 5285353

committed
Cache the peer verification result.
1 parent e42492b commit 5285353


1 file changed

+17
-5
lines changed

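--- a/netty/src/main/java/io/grpc/netty/NettyClientTransport.java
+++ b/netty/src/main/java/io/grpc/netty/NettyClientTransport.java
@@ -63,6 +63,7 @@
 import java.nio.channels.ClosedChannelException;
 import java.security.cert.CertificateException;
 import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.Executor;
 import java.util.concurrent.TimeUnit;
 import java.util.logging.Level;
@@ -111,6 +112,7 @@ class NettyClientTransport implements ConnectionClientTransport {
 private final ChannelLogger channelLogger;
 private final boolean useGetForSafeMethods;
 private final Ticker ticker;
+private final ConcurrentHashMap<String, Boolean> authoritiesAllowedForPeer = new ConcurrentHashMap<>();
 
 NettyClientTransport(
 SocketAddress address,
@@ -208,11 +210,21 @@ public ClientStream newStream(
 "Can't allow authority override in rpc when X509ExtendedTrustManager is not available"),
 tracers);
 }
-try {
-clientTlsProtocolNegotiator.verifyAuthorityAllowedForPeerCert(callOptions.getAuthority());
-} catch (SSLPeerUnverifiedException | CertificateException e) {
-logger.log(Level.FINE, "Peer hostname verification failed for authority '{}'.",
-callOptions.getAuthority());
+boolean peerVerified;
+if (authoritiesAllowedForPeer.containsKey(callOptions.getAuthority())) {
+peerVerified = authoritiesAllowedForPeer.get(callOptions.getAuthority());
+} else {
+try {
+clientTlsProtocolNegotiator.verifyAuthorityAllowedForPeerCert(callOptions.getAuthority());
+peerVerified = true;
+} catch (SSLPeerUnverifiedException | CertificateException e) {
+peerVerified = false;
+logger.log(Level.FINE, "Peer hostname verification failed for authority '{}'.",
+callOptions.getAuthority());
+}
+authoritiesAllowedForPeer.put(callOptions.getAuthority(), peerVerified);
+}
+if (!peerVerified) {
 return new FailingClientStream(Status.INTERNAL.withDescription(
 "Peer hostname verification failed for authority"), tracers);
 }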
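Review bot: The new `authoritiesAllowedForPeer` map has no size bound and is keyed by the per-RPC `callOptions.getAuthority()` string, so on a long-lived transport every distinct authority a caller supplies, including each rejected one, stays in memory until the transport is discarded. Capping the cache keeps the saving for the few authorities a real client uses while removing the growth; the fence below sketches an access-ordered `LinkedHashMap` with `removeEldestEntry`, where the cap of 100 is a constructed example value and `java.util.LinkedHashMap` would need importing. The same sketch replaces the `containsKey` followed by `get` pair with a single `get` and a null check. `newStream` begins and ends outside the hunk, so whether a null authority can reach the map (which `ConcurrentHashMap` rejects with a NullPointerException) cannot be confirmed from here.

```java
// Bounded LRU: per-RPC authority strings can no longer grow the cache without limit.
// 100 is a constructed example cap; all access must hold the map's monitor because
// get() reorders entries in an access-ordered LinkedHashMap.
private final Map<String, Boolean> authoritiesAllowedForPeer =
    new LinkedHashMap<String, Boolean>(16, 0.75f, true) {
      @Override
      protected boolean removeEldestEntry(Map.Entry<String, Boolean> eldest) {
        return size() > 100;
      }
    };

// … unchanged: newStream() up to the X509ExtendedTrustManager check …
String authority = callOptions.getAuthority();
Boolean cached;
synchronized (authoritiesAllowedForPeer) {
  cached = authoritiesAllowedForPeer.get(authority);
}
boolean peerVerified;
if (cached != null) {
  peerVerified = cached;
} else {
  // … unchanged: try/catch around verifyAuthorityAllowedForPeerCert that sets peerVerified …
  synchronized (authoritiesAllowedForPeer) {
    authoritiesAllowedForPeer.put(authority, peerVerified);
  }
}
// … unchanged: FailingClientStream return when !peerVerified …
```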
