Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

netty: Per-rpc call option authority verification against peer cert subject names #11724

Merged
merged 81 commits into from
Feb 24, 2025
Merged

netty: Per-rpc call option authority verification against peer cert subject names #11724

merged 81 commits into from
Feb 24, 2025

Conversation

kannanjgithub
Copy link
Contributor

No description provided.

@kannanjgithub kannanjgithub requested a review from ejona86 December 4, 2024 13:23
@kannanjgithub
Copy link
Contributor Author

I don't know what this error is about:

java/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java:621:18: 'public' modifier out of order with the JLS suggestions. [ModifierOrder]

@ejona86
Copy link
Member

ejona86 commented Dec 9, 2024

synchronized public boolean mayBeVerifyAuthority should have "public" first: public synchronized boolean mayBeVerifyAuthority.

JLS == Java Language Specification

The relevant part of the style guide:
https://google.github.io/styleguide/javaguide.html#s4.8.7-modifiers
But checkstyle also links to some useful things:
https://checkstyle.sourceforge.io/checks/modifier/modifierorder.html

ejona86
ejona86 reviewed Dec 9, 2024
View reviewed changes
ejona86
ejona86 reviewed Dec 13, 2024
View reviewed changes
kannanjgithub and others added 14 commits January 22, 2025 15:25
@kannanjgithub
Ignore animal sniffer errors via annotation in tests.
2af1cca
@kannanjgithub
In-progress changes to move authority verification to the ChannelHand…
15c8161 
…ler instead of the Protocol negotiator.
@kannanjgithub
Save sslEngine and use it later after the handshake is complete, to s…
7941abc 
…et the attribute for the hostname verifier.
@kannanjgithub
temp testing changes
7fcd98d
@kannanjgithub
Changes.
4c50e71
@kannanjgithub
Merge branch 'authoritychecktls-fork' into authoritychecktls
da19b28 
# Conflicts:
#	examples/example-tls/src/main/java/io/grpc/examples/helloworldtls/HelloWorldClientTls.java
@kannanjgithub
Merge branch 'grpc:master' into authoritychecktls
4e24446
@kannanjgithub
Merge remote-tracking branch 'origin/authorityverifyokhttp' into auth…
8576a4e 
…oritychecktls

# Conflicts:
#	core/src/main/java/io/grpc/internal/CertificateUtils.java
#	okhttp/src/main/java/io/grpc/okhttp/OkHttpChannelBuilder.java
@kannanjgithub
Merge remote-tracking branch 'origin/authoritychecktls' into authorit…
0627bf4 
…ychecktls
@kannanjgithub
Revert "Merge remote-tracking branch 'origin/authorityverifyokhttp' i…
02a1041 
…nto authoritychecktls"

This reverts commit 8576a4e, reversing
changes made to da19b28.
@kannanjgithub
Fix style
1d6f46f
@kannanjgithub
Revert unintended changes.
42058ea
@kannanjgithub
Revert unintended changes.
cd93d4e
@kannanjgithub
Revert unintended changes.
1ff1f0b
ejona86
ejona86 reviewed Feb 12, 2025
View reviewed changes
@kannanjgithub
Copy link
Contributor Author

I'm now only doing the authority verification if the transport authority is different from the one in the headers.

I do think we should set the attribute in most of the built-in negotiators, but ALTS and S2A would probably be without it for now.

As a subsequent work I assume.

After the changes to disallow authority override without having a verifier in the attributes, the FakeControlPlaneIntegrationTest which doesn't use Tls but plain text transport is failing. Is it ok to introduce a system property to allow authority override without a verifier and set it from the integration test?

ejona86
ejona86 approved these changes Feb 20, 2025
View reviewed changes
Copy link
Member

@ejona86 ejona86 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Before we merge, let's run some tests inside Google to make sure this doesn't break anything. (Since the risk is high, it is better to run them before merging to avoid needing to revert the PR.) I'll start them today.

ejona86
ejona86 approved these changes Feb 21, 2025
View reviewed changes
Copy link
Member

@ejona86 ejona86 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Test run inside Google looked good

@kannanjgithub kannanjgithub merged commit cdab410 into grpc:master Feb 24, 2025
15 of 16 checks passed
@kannanjgithub kannanjgithub deleted the authoritychecktls branch February 24, 2025 14:58
AshZhang pushed a commit to AshZhang/grpc-java that referenced this pull request Feb 24, 2025
@kannanjgithub @AshZhang
netty: Per-rpc authority verification against peer cert subject names (
72b3d55 
…grpc#11724)

Per-rpc verification of authority specified via call options or set by the LB API against peer cert's subject names.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ejona86 ejona86 ejona86 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kannanjgithub @ejona86