In progress changes.

Author: kannanjgithub

api/src/main/java/io/grpc/ManagedChannelRegistry.java

@@ -99,10 +99,10 @@ public int compare(ManagedChannelProvider o1, ManagedChannelProvider o2) {
   public static synchronized ManagedChannelRegistry getDefaultRegistry() {
     if (instance == null) {
       List<ManagedChannelProvider> providerList = ServiceProviders.loadAll(
-          ManagedChannelProvider.class,
-          getHardCodedClasses(),
-          ManagedChannelProvider.class.getClassLoader(),
-          new ManagedChannelPriorityAccessor());
+              ManagedChannelProvider.class,
+              getHardCodedClasses(),
+              ManagedChannelProvider.class.getClassLoader(),
+              new ManagedChannelPriorityAccessor());
       instance = new ManagedChannelRegistry();
       for (ManagedChannelProvider provider : providerList) {
         logger.fine("Service loader found " + provider);
@@ -157,7 +157,7 @@ ManagedChannelBuilder<?> newChannelBuilder(String target, ChannelCredentials cre
 
   @VisibleForTesting
   ManagedChannelBuilder<?> newChannelBuilder(NameResolverRegistry nameResolverRegistry,
-      String target, ChannelCredentials creds) {
+                                             String target, ChannelCredentials creds) {
     NameResolverProvider nameResolverProvider = null;
     try {
       URI uri = new URI(target);
@@ -167,35 +167,35 @@ ManagedChannelBuilder<?> newChannelBuilder(NameResolverRegistry nameResolverRegi
     }
     if (nameResolverProvider == null) {
       nameResolverProvider = nameResolverRegistry.getProviderForScheme(
-          nameResolverRegistry.getDefaultScheme());
+              nameResolverRegistry.getDefaultScheme());
     }
     Collection<Class<? extends SocketAddress>> nameResolverSocketAddressTypes
-        = (nameResolverProvider != null)
-        ? nameResolverProvider.getProducedSocketAddressTypes() :
-        Collections.emptySet();
+            = (nameResolverProvider != null)
+            ? nameResolverProvider.getProducedSocketAddressTypes() :
+            Collections.emptySet();
 
     List<ManagedChannelProvider> providers = providers();
     if (providers.isEmpty()) {
       throw new ProviderNotFoundException("No functional channel service provider found. "
-          + "Try adding a dependency on the grpc-okhttp, grpc-netty, or grpc-netty-shaded "
-          + "artifact");
+              + "Try adding a dependency on the grpc-okhttp, grpc-netty, or grpc-netty-shaded "
+              + "artifact");
     }
     StringBuilder error = new StringBuilder();
-      for (ManagedChannelProvider provider : providers()) {
-        Collection<Class<? extends SocketAddress>> channelProviderSocketAddressTypes
-            = provider.getSupportedSocketAddressTypes();
-        if (!channelProviderSocketAddressTypes.containsAll(nameResolverSocketAddressTypes)) {
-          error.append("; ");
-          error.append(provider.getClass().getName());
-          error.append(": does not support 1 or more of ");
-          error.append(Arrays.toString(nameResolverSocketAddressTypes.toArray()));
-          continue;
-        }
-        ManagedChannelProvider.NewChannelBuilderResult result
-            = provider.newChannelBuilder(target, creds);
-        if (result.getChannelBuilder() != null) {
-          return result.getChannelBuilder();
-        }
+    for (ManagedChannelProvider provider : providers()) {
+      Collection<Class<? extends SocketAddress>> channelProviderSocketAddressTypes
+              = provider.getSupportedSocketAddressTypes();
+      if (!channelProviderSocketAddressTypes.containsAll(nameResolverSocketAddressTypes)) {
+        error.append("; ");
+        error.append(provider.getClass().getName());
+        error.append(": does not support 1 or more of ");
+        error.append(Arrays.toString(nameResolverSocketAddressTypes.toArray()));
+        continue;
+      }
+      ManagedChannelProvider.NewChannelBuilderResult result
+              = provider.newChannelBuilder(target, creds);
+      if (result.getChannelBuilder() != null) {
+        return result.getChannelBuilder();
+      }
       error.append("; ");
       error.append(provider.getClass().getName());
       error.append(": ");
@@ -205,7 +205,7 @@ ManagedChannelBuilder<?> newChannelBuilder(NameResolverRegistry nameResolverRegi
   }
 
   private static final class ManagedChannelPriorityAccessor
-      implements ServiceProviders.PriorityAccessor<ManagedChannelProvider> {
+          implements ServiceProviders.PriorityAccessor<ManagedChannelProvider> {
     @Override
     public boolean isAvailable(ManagedChannelProvider provider) {
       return provider.isAvailable();
@@ -225,4 +225,4 @@ public ProviderNotFoundException(String msg) {
       super(msg);
     }
   }
-}
+}

okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java

@@ -111,7 +111,6 @@
 import javax.annotation.Nullable;
 import javax.annotation.concurrent.GuardedBy;
 import javax.net.SocketFactory;
-import javax.net.ssl.ExtendedSSLSession;
 import javax.net.ssl.HandshakeCompletedListener;
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.SSLParameters;
@@ -232,7 +231,7 @@ private static Map<ErrorCode, Status> buildErrorCodeToStatusMap() {
   private final boolean useGetForSafeMethods;
   @GuardedBy("lock")
   private final TransportTracer transportTracer;
-  private final ConcurrentHashMap<String, Boolean> authoritiesAllowedForPeer =
+  private final ConcurrentHashMap<String, Boolean> authorityVerificationStatuses =
       new ConcurrentHashMap<>();
 
   @GuardedBy("lock")
@@ -433,9 +432,12 @@ public ClientStream newStream(
         StatsTraceContext.newClientContext(tracers, getAttributes(), headers);
     if (socket instanceof SSLSocket && callOptions.getAuthority() != null
         && channelCredentials != null && channelCredentials instanceof TlsChannelCredentials) {
+      if (hostnameVerifier != null) {
+        hostnameVerifier.verify(callOptions.getAuthority(), ((SSLSocket) socket).getSession());
+      }
       boolean isAuthorityValid;
-      if (authoritiesAllowedForPeer.containsKey(callOptions.getAuthority())) {
-        isAuthorityValid = authoritiesAllowedForPeer.get(callOptions.getAuthority());
+      if (authorityVerificationStatuses.containsKey(callOptions.getAuthority())) {
+        isAuthorityValid = authorityVerificationStatuses.get(callOptions.getAuthority());
       } else {
         Optional<TrustManager> x509ExtendedTrustManager;
         try {
@@ -461,10 +463,10 @@ public ClientStream newStream(
           ((X509ExtendedTrustManager) x509ExtendedTrustManager.get()).checkServerTrusted(
               x509PeerCertificates, "RSA",
               new SslSocketWrapper((SSLSocket) socket, callOptions.getAuthority()));
-          authoritiesAllowedForPeer.put(callOptions.getAuthority(), true);
+          authorityVerificationStatuses.put(callOptions.getAuthority(), true);
         } catch (SSLPeerUnverifiedException | CertificateException e) {
           log.log(Level.FINE, "Failure in verifying authority against peer", e);
-          authoritiesAllowedForPeer.put(callOptions.getAuthority(), false);
+          authorityVerificationStatuses.put(callOptions.getAuthority(), false);
           return new FailingClientStream(Status.INTERNAL.withDescription(
               "Failure in verifying authority against peer"),
               tracers);