Review comments

kannanjgithub · kannanjgithub · commit 671444b72a1a · 2025-02-19T18:45:24.000+05:30
diff --git a/netty/src/main/java/io/grpc/netty/GrpcHttp2OutboundHeaders.java b/netty/src/main/java/io/grpc/netty/GrpcHttp2OutboundHeaders.java
@@ -46,16 +46,6 @@ static GrpcHttp2OutboundHeaders clientRequestHeaders(byte[][] serializedMetadata
     return new GrpcHttp2OutboundHeaders(preHeaders, serializedMetadata);
   }
 
-  @Override
-  public String authority() {
-    for (int i = 0; i < preHeaders.length / 2; i++) {
-      if (preHeaders[i].equals(Http2Headers.PseudoHeaderName.AUTHORITY.value())) {
-        return preHeaders[i + 1].toString();
-      }
-    }
-    return "";
-  }
-
   static GrpcHttp2OutboundHeaders serverResponseHeaders(byte[][] serializedMetadata) {
     AsciiString[] preHeaders = new AsciiString[] {
         Http2Headers.PseudoHeaderName.STATUS.value(), Utils.STATUS_OK,
@@ -76,6 +66,18 @@ private GrpcHttp2OutboundHeaders(AsciiString[] preHeaders, byte[][] serializedMe
     this.preHeaders = preHeaders;
   }
 
+  @Override
+  public CharSequence authority() {
+    CharSequence authority = null;
+    for (int i = 0; i < preHeaders.length / 2; i++) {
+      if (preHeaders[i].equals(Http2Headers.PseudoHeaderName.AUTHORITY.value())) {
+        authority = preHeaders[i + 1];
+      }
+    }
+    assert authority != null;
+    return authority;
+  }
+
   @Override
   @SuppressWarnings("ReferenceEquality") // STATUS.value() never changes.
   public CharSequence status() {
diff --git a/netty/src/main/java/io/grpc/netty/NettyClientHandler.java b/netty/src/main/java/io/grpc/netty/NettyClientHandler.java
@@ -603,38 +603,46 @@ private void createStream(CreateStreamCommand command, ChannelPromise promise)
       return;
     }
 
-    CharSequence authority = command.headers().authority();
-    if (authority != null) {
-      Status authorityVerificationStatus = peerVerificationResults.get(authority.toString());
-      if (authorityVerificationStatus == null) {
-        if (attributes != null
-                && attributes.get(GrpcAttributes.ATTR_AUTHORITY_VERIFIER) != null) {
-          authorityVerificationStatus = attributes.get(GrpcAttributes.ATTR_AUTHORITY_VERIFIER)
-                  .verifyAuthority(authority.toString());
-          peerVerificationResults.put(authority.toString(), authorityVerificationStatus);
-          if (!authorityVerificationStatus.isOk() && !enablePerRpcAuthorityCheck) {
-            logger.log(Level.WARNING, String.format("%s.%s",
-                            authorityVerificationStatus.getDescription(), enablePerRpcAuthorityCheck
-                                    ? "" : " This will be an error in the future."),
-                    InternalStatus.asRuntimeExceptionWithoutStacktrace(authorityVerificationStatus, null));
+    CharSequence authorityHeader = command.headers().authority();
+    if (authorityHeader != null) {
+      // No need to verify authority for the rpc outgoing header if it is same as the authority
+      // for the transport
+      if (!authority.contentEquals(authorityHeader)) {
+        Status authorityVerificationStatus = peerVerificationResults.get(
+                authorityHeader.toString());
+        if (authorityVerificationStatus == null) {
+          if (attributes.get(GrpcAttributes.ATTR_AUTHORITY_VERIFIER) != null) {
+            authorityVerificationStatus = attributes.get(GrpcAttributes.ATTR_AUTHORITY_VERIFIER)
+                    .verifyAuthority(authorityHeader.toString());
+            peerVerificationResults.put(authorityHeader.toString(), authorityVerificationStatus);
+            if (!authorityVerificationStatus.isOk() && !enablePerRpcAuthorityCheck) {
+              logger.log(Level.WARNING, String.format("%s.%s",
+                              authorityVerificationStatus.getDescription(),
+                              enablePerRpcAuthorityCheck
+                                      ? "" : " This will be an error in the future."),
+                      InternalStatus.asRuntimeExceptionWithoutStacktrace(
+                              authorityVerificationStatus, null));
+            }
+          } else {
+            authorityVerificationStatus = Status.UNAVAILABLE.withDescription(
+                    "Authority verifier not found to verify authority");
+            command.stream().setNonExistent();
+            command.stream().transportReportStatus(
+                    authorityVerificationStatus, RpcProgress.PROCESSED, true, new Metadata());
+            promise.setFailure(InternalStatus.asRuntimeExceptionWithoutStacktrace(
+                    authorityVerificationStatus, null));
+            return;
           }
-        } else {
-          authorityVerificationStatus = Status.UNAVAILABLE.withDescription(
-                  "Authority verifier not found to verify authority");
-          command.stream().setNonExistent();
-          command.stream().transportReportStatus(
-                  authorityVerificationStatus, RpcProgress.DROPPED, true, new Metadata());
-          promise.setFailure(InternalStatus.asRuntimeExceptionWithoutStacktrace(authorityVerificationStatus, null));
-          return;
         }
-      }
-      if (authorityVerificationStatus != null && !authorityVerificationStatus.isOk()) {
-        if (enablePerRpcAuthorityCheck) {
-          command.stream().setNonExistent();
-          command.stream().transportReportStatus(
-                  authorityVerificationStatus, RpcProgress.DROPPED, true, new Metadata());
-          promise.setFailure(InternalStatus.asRuntimeExceptionWithoutStacktrace(authorityVerificationStatus, null));
-          return;
+        if (authorityVerificationStatus != null && !authorityVerificationStatus.isOk()) {
+          if (enablePerRpcAuthorityCheck) {
+            command.stream().setNonExistent();
+            command.stream().transportReportStatus(
+                    authorityVerificationStatus, RpcProgress.PROCESSED, true, new Metadata());
+            promise.setFailure(InternalStatus.asRuntimeExceptionWithoutStacktrace(
+                    authorityVerificationStatus, null));
+            return;
+          }
         }
       }
     } else {
@@ -643,7 +651,8 @@ private void createStream(CreateStreamCommand command, ChannelPromise promise)
       command.stream().setNonExistent();
       command.stream().transportReportStatus(
               Status.UNAVAILABLE, RpcProgress.DROPPED, true, new Metadata());
-      promise.setFailure(InternalStatus.asRuntimeExceptionWithoutStacktrace(authorityVerificationStatus, null));
+      promise.setFailure(InternalStatus.asRuntimeExceptionWithoutStacktrace(
+              authorityVerificationStatus, null));
       return;
     }
     // Get the stream ID for the new stream.
diff --git a/netty/src/test/java/io/grpc/netty/NettyClientHandlerTest.java b/netty/src/test/java/io/grpc/netty/NettyClientHandlerTest.java
@@ -112,7 +112,6 @@
 import org.mockito.ArgumentCaptor;
 import org.mockito.ArgumentMatchers;
 import org.mockito.Mock;
-import org.mockito.Mockito;
 import org.mockito.invocation.InvocationOnMock;
 import org.mockito.junit.MockitoJUnit;
 import org.mockito.junit.MockitoRule;
@@ -937,7 +936,8 @@ public void missingAuthorityHeader_streamCreationShouldFail() throws Exception {
             .add(as("auth"), as("sometoken"))
             .add(CONTENT_TYPE_HEADER, CONTENT_TYPE_GRPC)
             .add(TE_HEADER, TE_TRAILERS);
-    ChannelFuture channelFuture = enqueue(newCreateStreamCommand(grpcHeadersWithoutAuthority, streamTransportState));
+    ChannelFuture channelFuture = enqueue(newCreateStreamCommand(
+            grpcHeadersWithoutAuthority, streamTransportState));
     try {
       channelFuture.get();
       fail("Expected stream creation failure");
@@ -948,24 +948,23 @@ public void missingAuthorityHeader_streamCreationShouldFail() throws Exception {
 
   @Test
   public void missingAuthorityVerifierInAttributes_streamCreationShouldFail() throws Exception {
-    doAnswer(
-            new Answer<Void>() {
-              @Override
-              public Void answer(InvocationOnMock invocation) throws Throwable {
-                StreamListener.MessageProducer producer =
-                        (StreamListener.MessageProducer) invocation.getArguments()[0];
-                InputStream message;
-                while ((message = producer.next()) != null) {
-                  streamListenerMessageQueue.add(message);
-                }
-                return null;
-              }
-            })
-            .when(streamListener)
-            .messagesAvailable(ArgumentMatchers.<StreamListener.MessageProducer>any());
+    doAnswer(new Answer<Void>() {
+      @Override
+      public Void answer(InvocationOnMock invocation) throws Throwable {
+        StreamListener.MessageProducer producer =
+                (StreamListener.MessageProducer) invocation.getArguments()[0];
+        InputStream message;
+        while ((message = producer.next()) != null) {
+          streamListenerMessageQueue.add(message);
+        }
+        return null;
+      }
+    })
+        .when(streamListener)
+        .messagesAvailable(ArgumentMatchers.<StreamListener.MessageProducer>any());
     doAnswer((attributes) -> Attributes.EMPTY)
-            .when(listener)
-            .filterTransport(ArgumentMatchers.any(Attributes.class));
+        .when(listener)
+        .filterTransport(ArgumentMatchers.any(Attributes.class));
     lifecycleManager = new ClientTransportLifecycleManager(listener);
     // This mocks the keepalive manager only for there's in which we verify it. For other tests
     // it'll be null which will be testing if we behave correctly when it's not present.
@@ -1000,7 +999,8 @@ public Void answer(InvocationOnMock invocation) throws Throwable {
       channelFuture.get();
       fail("Expected stream creation failure");
     } catch (ExecutionException e) {
-      assertThat(e.getCause().getMessage()).isEqualTo("UNAVAILABLE: Authority verifier not found to verify authority");
+      assertThat(e.getCause().getMessage()).isEqualTo(
+              "UNAVAILABLE: Authority verifier not found to verify authority");
     }
   }
 
@@ -1019,27 +1019,26 @@ public void authorityVerificationSuccess_streamCreationSucceeds() throws Excepti
   public void authorityVerificationFailure_streamCreationFails() throws Exception {
     NettyClientHandler.enablePerRpcAuthorityCheck = true;
     try {
-      doAnswer(
-              new Answer<Void>() {
-                @Override
-                public Void answer(InvocationOnMock invocation) throws Throwable {
-                  StreamListener.MessageProducer producer =
-                          (StreamListener.MessageProducer) invocation.getArguments()[0];
-                  InputStream message;
-                  while ((message = producer.next()) != null) {
-                    streamListenerMessageQueue.add(message);
-                  }
-                  return null;
-                }
-              })
-              .when(streamListener)
-              .messagesAvailable(ArgumentMatchers.<StreamListener.MessageProducer>any());
+      doAnswer(new Answer<Void>() {
+        @Override
+        public Void answer(InvocationOnMock invocation) throws Throwable {
+          StreamListener.MessageProducer producer =
+                  (StreamListener.MessageProducer) invocation.getArguments()[0];
+          InputStream message;
+          while ((message = producer.next()) != null) {
+            streamListenerMessageQueue.add(message);
+          }
+          return null;
+        }
+      })
+          .when(streamListener)
+          .messagesAvailable(ArgumentMatchers.<StreamListener.MessageProducer>any());
       doAnswer((attributes) -> Attributes.newBuilder().set(
-              GrpcAttributes.ATTR_AUTHORITY_VERIFIER,
-              (authority) -> Status.UNAVAILABLE.withCause(
-                      new CertificateException("Peer verification failed"))).build())
-              .when(listener)
-              .filterTransport(ArgumentMatchers.any(Attributes.class));
+          GrpcAttributes.ATTR_AUTHORITY_VERIFIER,
+          (authority) -> Status.UNAVAILABLE.withCause(
+                  new CertificateException("Peer verification failed"))).build())
+          .when(listener)
+          .filterTransport(ArgumentMatchers.any(Attributes.class));
       lifecycleManager = new ClientTransportLifecycleManager(listener);
       // This mocks the keepalive manager only for there's in which we verify it. For other tests
       // it'll be null which will be testing if we behave correctly when it's not present.
