netty: limit access to ProtocolNegotiators

2019-02-12 19:59:15 -08:00 · 2019-02-12 19:59:15 -08:00 · bb394132bd
parent 041cf2abd4
commit bb394132bd
4 changed files with 56 additions and 6 deletions
--- a/alts/src/main/java/io/grpc/alts/internal/AltsProtocolNegotiator.java
+++ b/alts/src/main/java/io/grpc/alts/internal/AltsProtocolNegotiator.java
@ -31,8 +31,8 @@ import io.grpc.alts.internal.TsiHandshakeHandler.TsiHandshakeCompletionEvent;
 import io.grpc.internal.GrpcAttributes;
 import io.grpc.internal.ObjectPool;
 import io.grpc.netty.GrpcHttp2ConnectionHandler;
+import io.grpc.netty.InternalProtocolNegotiators.AbstractBufferingHandler;
 import io.grpc.netty.ProtocolNegotiator;
-import io.grpc.netty.ProtocolNegotiators.AbstractBufferingHandler;
 import io.netty.channel.ChannelHandler;
 import io.netty.channel.ChannelHandlerContext;
 import io.netty.util.AsciiString;
--- a/alts/src/main/java/io/grpc/alts/internal/GoogleDefaultProtocolNegotiator.java
+++ b/alts/src/main/java/io/grpc/alts/internal/GoogleDefaultProtocolNegotiator.java
@ -20,8 +20,8 @@ import com.google.common.annotations.VisibleForTesting;
 import io.grpc.alts.internal.AltsProtocolNegotiator.LazyChannel;
 import io.grpc.internal.GrpcAttributes;
 import io.grpc.netty.GrpcHttp2ConnectionHandler;
+import io.grpc.netty.InternalProtocolNegotiators;
 import io.grpc.netty.ProtocolNegotiator;
-import io.grpc.netty.ProtocolNegotiators;
 import io.netty.handler.ssl.SslContext;

 /** A client-side GPRC {@link ProtocolNegotiator} for Google Default Channel. */
@ -35,7 +35,7 @@ public final class GoogleDefaultProtocolNegotiator implements ProtocolNegotiator
      TsiHandshakerFactory altsFactory, LazyChannel lazyHandshakerChannel, SslContext sslContext) {
    altsProtocolNegotiator =
        AltsProtocolNegotiator.createClientNegotiator(altsFactory, lazyHandshakerChannel);
-    tlsProtocolNegotiator = ProtocolNegotiators.tls(sslContext);
+    tlsProtocolNegotiator = InternalProtocolNegotiators.tls(sslContext);
  }

  @VisibleForTesting
--- a/netty/src/main/java/io/grpc/netty/InternalProtocolNegotiators.java
+++ b/netty/src/main/java/io/grpc/netty/InternalProtocolNegotiators.java
@ -0,0 +1,52 @@
+/*
+ * Copyright 2019 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.netty;
+
+import io.netty.channel.ChannelHandler;
+import io.netty.channel.ChannelHandlerContext;
+import io.netty.handler.ssl.SslContext;
+
+/**
+ * Internal accessor for {@link ProtocolNegotiators}.
+ */
+public final class InternalProtocolNegotiators {
+
+  private InternalProtocolNegotiators() {}
+
+  /**
+   * Buffers all writes until either {@link #writeBufferedAndRemove(ChannelHandlerContext)} or
+   * {@link #fail(ChannelHandlerContext, Throwable)} is called. This handler allows us to
+   * write to a {@link io.netty.channel.Channel} before we are allowed to write to it officially
+   * i.e.  before it's active or the TLS Handshake is complete.
+   */
+  public abstract static class AbstractBufferingHandler
+      extends ProtocolNegotiators.AbstractBufferingHandler {
+
+    protected AbstractBufferingHandler(ChannelHandler... handlers) {
+      super(handlers);
+    }
+  }
+
+  /**
+   * Returns a {@link ProtocolNegotiator} that ensures the pipeline is set up so that TLS will
+   * be negotiated, the {@code handler} is added and writes to the {@link io.netty.channel.Channel}
+   * may happen immediately, even before the TLS Handshake is complete.
+   */
+  public static ProtocolNegotiator tls(SslContext sslContext) {
+    return ProtocolNegotiators.tls(sslContext);
+  }
+}
--- a/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java
+++ b/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java
@ -24,7 +24,6 @@ import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Preconditions;
 import io.grpc.Attributes;
 import io.grpc.Grpc;
-import io.grpc.Internal;
 import io.grpc.InternalChannelz;
 import io.grpc.SecurityLevel;
 import io.grpc.Status;
@ -74,8 +73,7 @@ import javax.net.ssl.SSLSession;
 /**
 * Common {@link ProtocolNegotiator}s used by gRPC.
 */
-@Internal
-public final class ProtocolNegotiators {
+final class ProtocolNegotiators {
  private static final Logger log = Logger.getLogger(ProtocolNegotiators.class.getName());

  private ProtocolNegotiators() {