Address review comments.

Author: kannanjgithub

netty/build.gradle

@@ -18,7 +18,7 @@ tasks.named("jar").configure {
 dependencies {
     api project(':grpc-api'),
             libraries.netty.codec.http2
-            implementation project(':grpc-core'),
+    implementation project(':grpc-core'),
             libs.netty.handler.proxy,
             libraries.guava,
             libraries.errorprone.annotations,

netty/src/main/java/io/grpc/netty/NettyClientTransport.java

@@ -60,20 +60,15 @@
 import io.netty.util.concurrent.GenericFutureListener;
 import java.net.SocketAddress;
 import java.nio.channels.ClosedChannelException;
-import java.security.cert.CertificateException;
 import java.util.Map;
 import java.util.concurrent.Executor;
 import java.util.concurrent.TimeUnit;
-import java.util.logging.Level;
-import java.util.logging.Logger;
 import javax.annotation.Nullable;
-import javax.net.ssl.SSLPeerUnverifiedException;
 
 /**
  * A Netty-based {@link ConnectionClientTransport} implementation.
  */
 class NettyClientTransport implements ConnectionClientTransport {
-  private static final Logger logger = Logger.getLogger(NettyClientTransport.class.getName());
 
   private final InternalLogId logId;
   private final Map<ChannelOption<?>, ?> channelOptions;
@@ -199,26 +194,11 @@ public ClientStream newStream(
     if (channel == null) {
       return new FailingClientStream(statusExplainingWhyTheChannelIsNull, tracers);
     }
-    try {
-      if (callOptions.getAuthority() != null && !negotiator.mayBeVerifyAuthority(
-          callOptions.getAuthority())) {
-        String errMsg = String.format("Peer hostname verification failed for authority '%s'.",
-            callOptions.getAuthority());
-        logger.log(Level.FINE, errMsg);
-        return new FailingClientStream(Status.INTERNAL.withDescription(errMsg), tracers);
+    if (callOptions.getAuthority() != null) {
+      Status verificationStatus = negotiator.verifyAuthority(callOptions.getAuthority());
+      if (verificationStatus != Status.OK) {
+        return new FailingClientStream(verificationStatus, tracers);
       }
-    } catch (UnsupportedOperationException ex) {
-      logger.log(Level.FINE,
-          "Can't allow authority override in rpc when X509ExtendedTrustManager is not available.",
-          callOptions.getAuthority());
-      return new FailingClientStream(Status.INTERNAL.withDescription(
-          "Can't allow authority override in rpc when X509ExtendedTrustManager is not available"),
-          tracers);
-    } catch (SSLPeerUnverifiedException | CertificateException ex) {
-      String errMsg = String.format("Peer hostname verification failed for authority '%s'.",
-          callOptions.getAuthority());
-      logger.log(Level.FINE, errMsg, ex);
-      return new FailingClientStream(Status.INTERNAL.withDescription(errMsg), tracers);
     }
     StatsTraceContext statsTraceCtx =
         StatsTraceContext.newClientContext(tracers, getAttributes(), headers);

netty/src/main/java/io/grpc/netty/NoopSslEngine.java

@@ -0,0 +1,151 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.netty;
+
+import java.nio.ByteBuffer;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLEngineResult;
+import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLSession;
+
+/**
+ * A no-op implementation of SslEngine, to facilitate overriding only the required methods in
+ * specific implementations.
+ */
+public class NoopSslEngine extends SSLEngine {
+  @Override
+  public SSLEngineResult wrap(ByteBuffer[] srcs, int offset, int length, ByteBuffer dst)
+          throws SSLException {
+    return null;
+  }
+
+  @Override
+  public SSLEngineResult unwrap(ByteBuffer src, ByteBuffer[] dsts, int offset, int length)
+          throws SSLException {
+    return null;
+  }
+
+  @Override
+  public Runnable getDelegatedTask() {
+    return null;
+  }
+
+  @Override
+  public void closeInbound() throws SSLException {
+
+  }
+
+  @Override
+  public boolean isInboundDone() {
+    return false;
+  }
+
+  @Override
+  public void closeOutbound() {
+
+  }
+
+  @Override
+  public boolean isOutboundDone() {
+    return false;
+  }
+
+  @Override
+  public String[] getSupportedCipherSuites() {
+    return new String[0];
+  }
+
+  @Override
+  public String[] getEnabledCipherSuites() {
+    return new String[0];
+  }
+
+  @Override
+  public void setEnabledCipherSuites(String[] suites) {
+
+  }
+
+  @Override
+  public String[] getSupportedProtocols() {
+    return new String[0];
+  }
+
+  @Override
+  public String[] getEnabledProtocols() {
+    return new String[0];
+  }
+
+  @Override
+  public void setEnabledProtocols(String[] protocols) {
+
+  }
+
+  @Override
+  public SSLSession getSession() {
+    return null;
+  }
+
+  @Override
+  public void beginHandshake() throws SSLException {
+
+  }
+
+  @Override
+  public SSLEngineResult.HandshakeStatus getHandshakeStatus() {
+    return null;
+  }
+
+  @Override
+  public void setUseClientMode(boolean mode) {
+
+  }
+
+  @Override
+  public boolean getUseClientMode() {
+    return false;
+  }
+
+  @Override
+  public void setNeedClientAuth(boolean need) {
+
+  }
+
+  @Override
+  public boolean getNeedClientAuth() {
+    return false;
+  }
+
+  @Override
+  public void setWantClientAuth(boolean want) {
+
+  }
+
+  @Override
+  public boolean getWantClientAuth() {
+    return false;
+  }
+
+  @Override
+  public void setEnableSessionCreation(boolean flag) {
+
+  }
+
+  @Override
+  public boolean getEnableSessionCreation() {
+    return false;
+  }
+}

netty/src/main/java/io/grpc/netty/NoopSslSession.java

@@ -0,0 +1,132 @@
+/*
+ * Copyright 2024 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.netty;
+
+import java.security.Principal;
+import java.security.cert.Certificate;
+import javax.net.ssl.SSLPeerUnverifiedException;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.SSLSessionContext;
+
+/** A no-op ssl session, to facilitate overriding only the required methods in specific
+ * implementations.
+ */
+class NoopSslSession implements SSLSession {
+  @Override
+  public byte[] getId() {
+    return new byte[0];
+  }
+
+  @Override
+  public SSLSessionContext getSessionContext() {
+    return null;
+  }
+
+  @Override
+  @SuppressWarnings("deprecation")
+  public javax.security.cert.X509Certificate[] getPeerCertificateChain() {
+    throw new UnsupportedOperationException("This method is deprecated and marked for removal. "
+            + "Use the getPeerCertificates() method instead.");
+  }
+
+  @Override
+  public long getCreationTime() {
+    return 0;
+  }
+
+  @Override
+  public long getLastAccessedTime() {
+    return 0;
+  }
+
+  @Override
+  public void invalidate() {
+  }
+
+  @Override
+  public boolean isValid() {
+    return false;
+  }
+
+  @Override
+  public void putValue(String s, Object o) {
+  }
+
+  @Override
+  public Object getValue(String s) {
+    return null;
+  }
+
+  @Override
+  public void removeValue(String s) {
+  }
+
+  @Override
+  public String[] getValueNames() {
+    return new String[0];
+  }
+
+  @Override
+  public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException {
+    return new Certificate[0];
+  }
+
+  @Override
+  public Certificate[] getLocalCertificates() {
+    return new Certificate[0];
+  }
+
+  @Override
+  public Principal getPeerPrincipal() throws SSLPeerUnverifiedException {
+    return null;
+  }
+
+  @Override
+  public Principal getLocalPrincipal() {
+    return null;
+  }
+
+  @Override
+  public String getCipherSuite() {
+    return null;
+  }
+
+  @Override
+  public String getProtocol() {
+    return null;
+  }
+
+  @Override
+  public String getPeerHost() {
+    return null;
+  }
+
+  @Override
+  public int getPeerPort() {
+    return 0;
+  }
+
+  @Override
+  public int getPacketBufferSize() {
+    return 0;
+  }
+
+  @Override
+  public int getApplicationBufferSize() {
+    return 0;
+  }
+}

netty/src/main/java/io/grpc/netty/ProtocolNegotiator.java

@@ -16,12 +16,11 @@
 
 package io.grpc.netty;
 
+import io.grpc.Status;
 import io.grpc.internal.ObjectPool;
 import io.netty.channel.ChannelHandler;
 import io.netty.util.AsciiString;
-import java.security.cert.CertificateException;
 import java.util.concurrent.Executor;
-import javax.net.ssl.SSLPeerUnverifiedException;
 
 /**
  * An class that provides a Netty handler to control protocol negotiation.
@@ -68,13 +67,8 @@ interface ServerFactory {
 
   /**
    * Verify the authority against peer if applicable depending on the transport credential type.
-   * @throws UnsupportedOperationException if the verification should happen but the required
-   *     type of TrustManager could not be found.
-   * @throws SSLPeerUnverifiedException if peer verification failed
-   * @throws CertificateException if certificates have a problem
    */
-  default boolean mayBeVerifyAuthority(String authority)
-      throws SSLPeerUnverifiedException, CertificateException {
-    return true;
+  default Status verifyAuthority(String authority) {
+    return Status.UNAVAILABLE;
   }
 }