Fix review comments

kannanjgithub · kannanjgithub · commit 7ecbf56e267e · 2025-02-20T21:15:51.000+05:30
diff --git a/netty/src/main/java/io/grpc/netty/GrpcHttp2OutboundHeaders.java b/netty/src/main/java/io/grpc/netty/GrpcHttp2OutboundHeaders.java
@@ -68,14 +68,12 @@ private GrpcHttp2OutboundHeaders(AsciiString[] preHeaders, byte[][] serializedMe
 
   @Override
   public CharSequence authority() {
-    CharSequence authority = null;
     for (int i = 0; i < preHeaders.length / 2; i++) {
       if (preHeaders[i].equals(Http2Headers.PseudoHeaderName.AUTHORITY.value())) {
-        authority = preHeaders[i + 1];
+        return preHeaders[i * 2 + 1];
       }
     }
-    assert authority != null;
-    return authority;
+    return null;
   }
 
   @Override
diff --git a/netty/src/main/java/io/grpc/netty/NettyClientHandler.java b/netty/src/main/java/io/grpc/netty/NettyClientHandler.java
@@ -604,57 +604,55 @@ private void createStream(CreateStreamCommand command, ChannelPromise promise)
     }
 
     CharSequence authorityHeader = command.headers().authority();
-    if (authorityHeader != null) {
-      // No need to verify authority for the rpc outgoing header if it is same as the authority
-      // for the transport
-      if (!authority.contentEquals(authorityHeader)) {
-        Status authorityVerificationStatus = peerVerificationResults.get(
-                authorityHeader.toString());
-        if (authorityVerificationStatus == null) {
-          if (attributes.get(GrpcAttributes.ATTR_AUTHORITY_VERIFIER) != null) {
-            authorityVerificationStatus = attributes.get(GrpcAttributes.ATTR_AUTHORITY_VERIFIER)
-                    .verifyAuthority(authorityHeader.toString());
-            peerVerificationResults.put(authorityHeader.toString(), authorityVerificationStatus);
-            if (!authorityVerificationStatus.isOk() && !enablePerRpcAuthorityCheck) {
-              logger.log(Level.WARNING, String.format("%s.%s",
-                              authorityVerificationStatus.getDescription(),
-                              enablePerRpcAuthorityCheck
-                                      ? "" : " This will be an error in the future."),
-                      InternalStatus.asRuntimeExceptionWithoutStacktrace(
-                              authorityVerificationStatus, null));
-            }
-          } else {
-            authorityVerificationStatus = Status.UNAVAILABLE.withDescription(
-                    "Authority verifier not found to verify authority");
-            command.stream().setNonExistent();
-            command.stream().transportReportStatus(
-                    authorityVerificationStatus, RpcProgress.PROCESSED, true, new Metadata());
-            promise.setFailure(InternalStatus.asRuntimeExceptionWithoutStacktrace(
-                    authorityVerificationStatus, null));
-            return;
-          }
-        }
-        if (authorityVerificationStatus != null && !authorityVerificationStatus.isOk()) {
-          if (enablePerRpcAuthorityCheck) {
-            command.stream().setNonExistent();
-            command.stream().transportReportStatus(
-                    authorityVerificationStatus, RpcProgress.PROCESSED, true, new Metadata());
-            promise.setFailure(InternalStatus.asRuntimeExceptionWithoutStacktrace(
-                    authorityVerificationStatus, null));
-            return;
-          }
-        }
-      }
-    } else {
+    if (authorityHeader == null) {
       Status authorityVerificationStatus = Status.UNAVAILABLE.withDescription(
               "Missing authority header");
       command.stream().setNonExistent();
       command.stream().transportReportStatus(
-              Status.UNAVAILABLE, RpcProgress.DROPPED, true, new Metadata());
+              Status.UNAVAILABLE, RpcProgress.PROCESSED, true, new Metadata());
       promise.setFailure(InternalStatus.asRuntimeExceptionWithoutStacktrace(
               authorityVerificationStatus, null));
       return;
     }
+    // No need to verify authority for the rpc outgoing header if it is same as the authority
+    // for the transport
+    if (!authority.contentEquals(authorityHeader)) {
+      Status authorityVerificationStatus = peerVerificationResults.get(
+              authorityHeader.toString());
+      if (authorityVerificationStatus == null) {
+        if (attributes.get(GrpcAttributes.ATTR_AUTHORITY_VERIFIER) == null) {
+          authorityVerificationStatus = Status.UNAVAILABLE.withDescription(
+                  "Authority verifier not found to verify authority");
+          command.stream().setNonExistent();
+          command.stream().transportReportStatus(
+                  authorityVerificationStatus, RpcProgress.PROCESSED, true, new Metadata());
+          promise.setFailure(InternalStatus.asRuntimeExceptionWithoutStacktrace(
+                  authorityVerificationStatus, null));
+          return;
+        }
+        authorityVerificationStatus = attributes.get(GrpcAttributes.ATTR_AUTHORITY_VERIFIER)
+                .verifyAuthority(authorityHeader.toString());
+        peerVerificationResults.put(authorityHeader.toString(), authorityVerificationStatus);
+        if (!authorityVerificationStatus.isOk() && !enablePerRpcAuthorityCheck) {
+          logger.log(Level.WARNING, String.format("%s.%s",
+                          authorityVerificationStatus.getDescription(),
+                          enablePerRpcAuthorityCheck
+                                  ? "" : " This will be an error in the future."),
+                  InternalStatus.asRuntimeExceptionWithoutStacktrace(
+                          authorityVerificationStatus, null));
+        }
+      }
+      if (!authorityVerificationStatus.isOk()) {
+        if (enablePerRpcAuthorityCheck) {
+          command.stream().setNonExistent();
+          command.stream().transportReportStatus(
+                  authorityVerificationStatus, RpcProgress.PROCESSED, true, new Metadata());
+          promise.setFailure(InternalStatus.asRuntimeExceptionWithoutStacktrace(
+                  authorityVerificationStatus, null));
+          return;
+        }
+      }
+    }
     // Get the stream ID for the new stream.
     int streamId;
     try {
diff --git a/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java b/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java
@@ -836,7 +836,9 @@ public AsciiString scheme() {
     public ChannelHandler newHandler(GrpcHttp2ConnectionHandler grpcHandler) {
       ChannelHandler upgradeHandler =
           new Http2UpgradeAndGrpcHandler(grpcHandler.getAuthority(), grpcHandler);
-      return new WaitUntilActiveHandler(upgradeHandler, grpcHandler.getNegotiationLogger());
+      ChannelHandler plaintextHandler =
+          new PlaintextHandler(upgradeHandler, grpcHandler.getNegotiationLogger());
+      return new WaitUntilActiveHandler(plaintextHandler, grpcHandler.getNegotiationLogger());
     }
 
     @Override
@@ -1033,7 +1035,9 @@ static final class PlaintextProtocolNegotiator implements ProtocolNegotiator {
     @Override
     public ChannelHandler newHandler(GrpcHttp2ConnectionHandler grpcHandler) {
       ChannelHandler grpcNegotiationHandler = new GrpcNegotiationHandler(grpcHandler);
-      ChannelHandler activeHandler = new WaitUntilActiveHandler(grpcNegotiationHandler,
+      ChannelHandler plaintextHandler =
+          new PlaintextHandler(grpcNegotiationHandler, grpcHandler.getNegotiationLogger());
+      ChannelHandler activeHandler = new WaitUntilActiveHandler(plaintextHandler,
           grpcHandler.getNegotiationLogger());
       return activeHandler;
     }
@@ -1047,6 +1051,22 @@ public AsciiString scheme() {
     }
   }
 
+  static final class PlaintextHandler extends ProtocolNegotiationHandler {
+    PlaintextHandler(ChannelHandler next, ChannelLogger negotiationLogger) {
+      super(next, negotiationLogger);
+    }
+
+    @Override
+    protected void protocolNegotiationEventTriggered(ChannelHandlerContext ctx) {
+      ProtocolNegotiationEvent existingPne = getProtocolNegotiationEvent();
+      Attributes attrs = existingPne.getAttributes().toBuilder()
+              .set(GrpcAttributes.ATTR_AUTHORITY_VERIFIER, (authority) -> Status.OK)
+              .build();
+      replaceProtocolNegotiationEvent(existingPne.withAttributes(attrs));
+      fireProtocolNegotiationEvent(ctx);
+    }
+  }
+
   /**
    * Waits for the channel to be active, and then installs the next Handler.  Using this allows
    * subsequent handlers to assume the channel is active and ready to send.  Additionally, this a
diff --git a/netty/src/main/java/io/grpc/netty/X509AuthorityVerifier.java b/netty/src/main/java/io/grpc/netty/X509AuthorityVerifier.java
@@ -16,6 +16,8 @@
 
 package io.grpc.netty;
 
+import static com.google.common.base.Preconditions.checkNotNull;
+
 import io.grpc.Status;
 import io.grpc.internal.AuthorityVerifier;
 import java.lang.reflect.InvocationTargetException;
@@ -51,15 +53,15 @@ final class X509AuthorityVerifier implements AuthorityVerifier {
   }
 
   public X509AuthorityVerifier(SSLEngine sslEngine, X509TrustManager x509ExtendedTrustManager) {
-    this.sslEngine = sslEngine;
+    this.sslEngine = checkNotNull(sslEngine);
     this.x509ExtendedTrustManager = x509ExtendedTrustManager;
   }
 
   @Override
   public Status verifyAuthority(@Nonnull String authority) {
-    if (sslEngine == null || x509ExtendedTrustManager == null) {
+    if (x509ExtendedTrustManager == null) {
       return Status.UNAVAILABLE.withDescription(
-              "Can't allow authority override in rpc when SslEngine or X509ExtendedTrustManager"
+              "Can't allow authority override in rpc when X509ExtendedTrustManager"
                       + " is not available");
     }
     Status peerVerificationStatus;

Original file line number	Diff line number	Diff line change
`@@ -68,14 +68,12 @@ private GrpcHttp2OutboundHeaders(AsciiString[] preHeaders, byte[][] serializedMe`
`68`	`68`
`69`	`69`	`@Override`
`70`	`70`	`public CharSequence authority() {`
`71`		`- CharSequence authority = null;`
`72`	`71`	`for (int i = 0; i < preHeaders.length / 2; i++) {`
`73`	`72`	`if (preHeaders[i].equals(Http2Headers.PseudoHeaderName.AUTHORITY.value())) {`
`74`		`- authority = preHeaders[i + 1];`
	`73`	`+ return preHeaders[i * 2 + 1];`
`75`	`74`	`}`
`76`	`75`	`}`
`77`		`- assert authority != null;`
`78`		`- return authority;`
	`76`	`+ return null;`
`79`	`77`	`}`
`80`	`78`
`81`	`79`	`@Override`