Add attributes to ServerCall

lukaszx0 · ejona86 · commit 6a67a97a731a · 2016-03-16T15:39:42.000-07:00
diff --git a/core/src/main/java/io/grpc/PartialForwardingServerCall.java b/core/src/main/java/io/grpc/PartialForwardingServerCall.java
@@ -77,4 +77,10 @@ public void setMessageCompression(boolean enabled) {
   public void setCompression(String compressor) {
     delegate().setCompression(compressor);
   }
+
+  @Override
+  @ExperimentalApi
+  public Attributes attributes() {
+    return delegate().attributes();
+  }
 }
diff --git a/core/src/main/java/io/grpc/ServerCall.java b/core/src/main/java/io/grpc/ServerCall.java
@@ -196,4 +196,15 @@ public void setMessageCompression(boolean enabled) {
   public void setCompression(String compressor) {
     // noop
   }
+
+  /**
+   * Returns properties of a single call. This is a generic container which can contain any kind of
+   * information describing call like for example remote address, TLS information (OU etc.)
+   *
+   * @return Attributes container
+   */
+  @ExperimentalApi
+  public Attributes attributes() {
+    return Attributes.EMPTY;
+  }
 }
diff --git a/core/src/main/java/io/grpc/inprocess/InProcessTransport.java b/core/src/main/java/io/grpc/inprocess/InProcessTransport.java
@@ -33,6 +33,7 @@
 
 import static com.google.common.base.Preconditions.checkNotNull;
 
+import io.grpc.Attributes;
 import io.grpc.Compressor;
 import io.grpc.Decompressor;
 import io.grpc.Metadata;
@@ -366,6 +367,11 @@ public void setCompressor(Compressor compressor) {}
 
       @Override
       public void setDecompressor(Decompressor decompressor) {}
+
+      // TODO(lukasz) should we return something here?
+      @Override public Attributes attributes() {
+        return Attributes.EMPTY;
+      }
     }
 
     private class InProcessClientStream implements ClientStream {
diff --git a/core/src/main/java/io/grpc/internal/AbstractServerStream.java b/core/src/main/java/io/grpc/internal/AbstractServerStream.java
@@ -35,6 +35,7 @@
 
 import com.google.common.base.Preconditions;
 
+import io.grpc.Attributes;
 import io.grpc.Metadata;
 import io.grpc.Status;
 
@@ -278,4 +279,8 @@ private void closeListener(Status newStatus) {
       listener().closed(newStatus);
     }
   }
+
+  @Override public Attributes attributes() {
+    return Attributes.EMPTY;
+  }
 }
diff --git a/core/src/main/java/io/grpc/internal/GrpcUtil.java b/core/src/main/java/io/grpc/internal/GrpcUtil.java
@@ -41,12 +41,14 @@
 import com.google.common.collect.ImmutableMap;
 import com.google.common.util.concurrent.ThreadFactoryBuilder;
 
+import io.grpc.Attributes;
 import io.grpc.Metadata;
 import io.grpc.Status;
 import io.grpc.internal.SharedResourceHolder.Resource;
 
 import java.lang.reflect.Method;
 import java.net.HttpURLConnection;
+import java.net.SocketAddress;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.util.Map.Entry;
@@ -56,6 +58,7 @@
 import java.util.concurrent.TimeUnit;
 
 import javax.annotation.Nullable;
+import javax.net.ssl.SSLSession;
 
 /**
  * Common utilities for GRPC.
@@ -92,6 +95,18 @@ public final class GrpcUtil {
   public static final Metadata.Key<String> USER_AGENT_KEY =
           Metadata.Key.of("user-agent", Metadata.ASCII_STRING_MARSHALLER);
 
+  /**
+   * {@link io.grpc.Attributes.Key} for the remote address of stream call.
+   */
+  public static final Attributes.Key<SocketAddress> REMOTE_ADDR_STREAM_ATTR_KEY =
+          Attributes.Key.of("io.grpc.RemoteAddr");
+
+  /**
+   * {@link io.grpc.Attributes.Key} for the SSL session of stream call.
+   */
+  public static final Attributes.Key<SSLSession> SSL_SESSION_STREAM_ATTR_KEY =
+          Attributes.Key.of("io.grpc.SslSession");
+
   /**
    * The default port for plain-text connections.
    */
diff --git a/core/src/main/java/io/grpc/internal/ServerCallImpl.java b/core/src/main/java/io/grpc/internal/ServerCallImpl.java
@@ -42,6 +42,7 @@
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Throwables;
 
+import io.grpc.Attributes;
 import io.grpc.Codec;
 import io.grpc.Compressor;
 import io.grpc.CompressorRegistry;
@@ -200,6 +201,11 @@ ServerStreamListener newServerStreamListener(ServerCall.Listener<ReqT> listener,
     return new ServerStreamListenerImpl<ReqT>(this, listener, timeout, context);
   }
 
+  @Override
+  public Attributes attributes() {
+    return stream.attributes();
+  }
+
   /**
    * All of these callbacks are assumed to called on an application thread, and the caller is
    * responsible for handling thrown exceptions.
diff --git a/core/src/main/java/io/grpc/internal/ServerStream.java b/core/src/main/java/io/grpc/internal/ServerStream.java
@@ -31,6 +31,7 @@
 
 package io.grpc.internal;
 
+import io.grpc.Attributes;
 import io.grpc.Metadata;
 import io.grpc.Status;
 
@@ -66,4 +67,11 @@ public interface ServerStream extends Stream {
    * times and from any thread.
    */
   void cancel(Status status);
+
+  /**
+   * Attributes describing stream.
+   *
+   * @return Attributes container
+   */
+  Attributes attributes();
 }
diff --git a/interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java b/interop-testing/src/main/java/io/grpc/testing/integration/AbstractInteropTest.java
@@ -50,6 +50,8 @@
 import com.google.auth.oauth2.ServiceAccountCredentials;
 import com.google.auth.oauth2.ServiceAccountJwtAccessCredentials;
 import com.google.common.collect.ImmutableList;
+import com.google.common.collect.Lists;
+import com.google.common.net.HostAndPort;
 import com.google.protobuf.ByteString;
 import com.google.protobuf.EmptyProtos.Empty;
 
@@ -59,6 +61,7 @@
 import io.grpc.Metadata;
 import io.grpc.Server;
 import io.grpc.ServerBuilder;
+import io.grpc.ServerCall;
 import io.grpc.ServerInterceptor;
 import io.grpc.ServerInterceptors;
 import io.grpc.Status;
@@ -88,6 +91,8 @@
 
 import java.io.IOException;
 import java.io.InputStream;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
 import java.util.Arrays;
 import java.util.List;
 import java.util.concurrent.ArrayBlockingQueue;
@@ -96,13 +101,18 @@
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicReference;
 
+import javax.net.ssl.SSLPeerUnverifiedException;
+import javax.net.ssl.SSLSession;
+
 /**
  * Abstract base class for all GRPC transport tests.
  */
 public abstract class AbstractInteropTest {
 
   public static final Metadata.Key<Messages.SimpleContext> METADATA_KEY =
       ProtoUtils.keyForProto(Messages.SimpleContext.getDefaultInstance());
+  private static final AtomicReference<ServerCall> serverCallCapture =
+      new AtomicReference<ServerCall>();
   private static final AtomicReference<Metadata> requestHeadersCapture =
       new AtomicReference<Metadata>();
   private static ScheduledExecutorService testServiceExecutor;
@@ -114,6 +124,7 @@ protected static void startStaticServer(
     testServiceExecutor = Executors.newScheduledThreadPool(2);
 
     List<ServerInterceptor> allInterceptors = ImmutableList.<ServerInterceptor>builder()
+        .add(TestUtils.recordServerCallInterceptor(serverCallCapture))
         .add(TestUtils.recordRequestHeadersInterceptor(requestHeadersCapture))
         .add(TestUtils.echoRequestHeadersInterceptor(Util.METADATA_KEY))
         .add(interceptors)
@@ -920,4 +931,38 @@ protected static void assertSuccess(StreamRecorder<?> recorder) {
       throw new AssertionError(recorder.getError());
     }
   }
+
+  /** Helper for asserting remote address {@link io.grpc.ServerCall#attributes()} */
+  protected void assertRemoteAddr(String expectedRemoteAddress) {
+    TestServiceGrpc.TestServiceBlockingStub stub = TestServiceGrpc.newBlockingStub(channel)
+            .withDeadlineAfter(5, TimeUnit.SECONDS);
+
+    stub.unaryCall(SimpleRequest.getDefaultInstance());
+
+    HostAndPort remoteAddress = HostAndPort.fromString(serverCallCapture.get().attributes()
+            .get(GrpcUtil.REMOTE_ADDR_STREAM_ATTR_KEY).toString());
+    assertEquals(expectedRemoteAddress, remoteAddress.getHostText());
+  }
+
+  /** Helper for asserting TLS info in SSLSession {@link io.grpc.ServerCall#attributes()} */
+  protected void assertX500SubjectDn(String tlsInfo) {
+    TestServiceGrpc.TestServiceBlockingStub stub = TestServiceGrpc.newBlockingStub(channel)
+            .withDeadlineAfter(5, TimeUnit.SECONDS);
+
+    stub.unaryCall(SimpleRequest.getDefaultInstance());
+
+    List<Certificate> certificates = Lists.newArrayList();
+    SSLSession sslSession =
+        serverCallCapture.get().attributes().get(GrpcUtil.SSL_SESSION_STREAM_ATTR_KEY);
+    try {
+      certificates = Arrays.asList(sslSession.getPeerCertificates());
+    } catch (SSLPeerUnverifiedException e) {
+      fail("No cert");
+    }
+
+    X509Certificate x509cert = (X509Certificate) certificates.get(0);
+
+    assertEquals(1, certificates.size());
+    assertEquals(tlsInfo, x509cert.getSubjectDN().toString());
+  }
 }
diff --git a/interop-testing/src/test/java/io/grpc/testing/integration/Http2NettyTest.java b/interop-testing/src/test/java/io/grpc/testing/integration/Http2NettyTest.java
@@ -36,11 +36,13 @@
 import io.grpc.netty.NettyChannelBuilder;
 import io.grpc.netty.NettyServerBuilder;
 import io.grpc.testing.TestUtils;
+import io.netty.handler.ssl.ClientAuth;
 import io.netty.handler.ssl.SslProvider;
 import io.netty.handler.ssl.SupportedCipherSuiteFilter;
 
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
+import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 
@@ -61,6 +63,8 @@ public static void startServer() {
           .flowControlWindow(65 * 1024)
           .sslContext(GrpcSslContexts
               .forServer(TestUtils.loadCert("server1.pem"), TestUtils.loadCert("server1.key"))
+              .clientAuth(ClientAuth.REQUIRE)
+              .trustManager(TestUtils.loadCert("ca.pem"))
               .ciphers(TestUtils.preferredTestCiphers(), SupportedCipherSuiteFilter.INSTANCE)
               .sslProvider(SslProvider.OPENSSL)
               .build()));
@@ -79,8 +83,10 @@ protected ManagedChannel createChannel() {
     try {
       return NettyChannelBuilder
           .forAddress(TestUtils.testServerAddress(serverPort))
-          .sslContext(GrpcSslContexts.forClient()
-              .trustManager(TestUtils.loadCert("ca.pem"))
+          .sslContext(GrpcSslContexts
+              .forClient()
+              .keyManager(TestUtils.loadCert("client.pem"), TestUtils.loadCert("client.key"))
+              .trustManager(TestUtils.loadX509Cert("ca.pem"))
               .ciphers(TestUtils.preferredTestCiphers(), SupportedCipherSuiteFilter.INSTANCE)
               .sslProvider(SslProvider.OPENSSL)
               .build())
@@ -89,4 +95,14 @@ protected ManagedChannel createChannel() {
       throw new RuntimeException(ex);
     }
   }
+
+  @Test(timeout = 10000)
+  public void remoteAddr() {
+    assertRemoteAddr("/127.0.0.1");
+  }
+
+  @Test(timeout = 10000)
+  public void tlsInfo() {
+    assertX500SubjectDn("CN=testclient, O=Internet Widgits Pty Ltd, ST=Some-State, C=AU");
+  }
 }
diff --git a/netty/src/main/java/io/grpc/netty/NettyServerStream.java b/netty/src/main/java/io/grpc/netty/NettyServerStream.java
@@ -33,9 +33,11 @@
 
 import static com.google.common.base.Preconditions.checkNotNull;
 
+import io.grpc.Attributes;
 import io.grpc.Metadata;
 import io.grpc.Status;
 import io.grpc.internal.AbstractServerStream;
+import io.grpc.internal.GrpcUtil;
 import io.grpc.internal.WritableBuffer;
 import io.netty.buffer.ByteBuf;
 import io.netty.channel.Channel;
@@ -44,6 +46,8 @@
 import io.netty.handler.codec.http2.Http2Headers;
 import io.netty.handler.codec.http2.Http2Stream;
 
+import javax.net.ssl.SSLSession;
+
 /**
  * Server stream for a Netty HTTP2 transport.
  */
@@ -53,6 +57,7 @@ class NettyServerStream extends AbstractServerStream<Integer> {
   private final NettyServerHandler handler;
   private final Http2Stream http2Stream;
   private final WriteQueue writeQueue;
+  private final Attributes attributes;
 
   NettyServerStream(Channel channel, Http2Stream http2Stream, NettyServerHandler handler,
                     int maxMessageSize) {
@@ -61,6 +66,7 @@ class NettyServerStream extends AbstractServerStream<Integer> {
     this.channel = checkNotNull(channel, "channel");
     this.http2Stream = checkNotNull(http2Stream, "http2Stream");
     this.handler = checkNotNull(handler, "handler");
+    this.attributes = buildAttributes(channel);
   }
 
   @Override
@@ -140,4 +146,21 @@ protected void sendStreamAbortToClient(Status status, Metadata trailers) {
   public void cancel(Status status) {
     writeQueue.enqueue(new CancelServerStreamCommand(this, status), true);
   }
+
+  @Override public Attributes attributes() {
+    return attributes;
+  }
+
+  private static Attributes buildAttributes(Channel channel) {
+    // NB(lukaszx0) SSLSession will be set only if SSL handshake was successful
+    SSLSession sslSession = null;
+    if (channel.hasAttr(Utils.SSL_SESSION_ATTR_KEY)) {
+      sslSession = channel.attr(Utils.SSL_SESSION_ATTR_KEY).get();
+    }
+
+    return Attributes.newBuilder()
+        .set(GrpcUtil.REMOTE_ADDR_STREAM_ATTR_KEY, channel.remoteAddress())
+        .set(GrpcUtil.SSL_SESSION_STREAM_ATTR_KEY, sslSession)
+        .build();
+  }
 }
diff --git a/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java b/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java
@@ -60,6 +60,7 @@
 import io.netty.handler.ssl.SslHandler;
 import io.netty.handler.ssl.SslHandshakeCompletionEvent;
 import io.netty.util.AsciiString;
+import io.netty.util.Attribute;
 import io.netty.util.ReferenceCountUtil;
 
 import java.net.URI;
@@ -72,6 +73,7 @@
 import javax.annotation.Nullable;
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLParameters;
+import javax.net.ssl.SSLSession;
 
 /**
  * Common {@link ProtocolNegotiator}s used by gRPC.
@@ -154,6 +156,12 @@ public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exc
             // Successfully negotiated the protocol. Replace this handler with
             // the GRPC handler.
             ctx.pipeline().replace(this, null, grpcHandler);
+
+            // TODO(lukaszx0) Short term solution. Long term we want to plumb this through
+            // ProtocolNegotiator.Handler and pass the handler into NettyClientHandler and
+            // NettyServerHandler (https://github.com/grpc/grpc-java/issues/1556)
+            Attribute<SSLSession> sslSessionAttr = ctx.channel().attr(Utils.SSL_SESSION_ATTR_KEY);
+            sslSessionAttr.set(sslHandler(ctx.pipeline()).engine().getSession());
           } else {
             fail(ctx, new Exception(
                 "Failed protocol negotiation: Unable to find compatible protocol."));
diff --git a/netty/src/main/java/io/grpc/netty/Utils.java b/netty/src/main/java/io/grpc/netty/Utils.java
diff --git a/testing/src/main/java/io/grpc/testing/TestUtils.java b/testing/src/main/java/io/grpc/testing/TestUtils.java

Original file line number	Diff line number	Diff line change
`@@ -77,4 +77,10 @@ public void setMessageCompression(boolean enabled) {`
`77`	`77`	`public void setCompression(String compressor) {`
`78`	`78`	`delegate().setCompression(compressor);`
`79`	`79`	`}`
	`80`	`+`
	`81`	`+ @Override`
	`82`	`+ @ExperimentalApi`
	`83`	`+ public Attributes attributes() {`
	`84`	`+ return delegate().attributes();`
	`85`	`+ }`
`80`	`86`	`}`
Original file line number	Diff line number	Diff line change
`@@ -35,6 +35,7 @@`
`35`	`35`
`36`	`36`	`import com.google.common.base.Preconditions;`
`37`	`37`
	`38`	`+import io.grpc.Attributes;`
`38`	`39`	`import io.grpc.Metadata;`
`39`	`40`	`import io.grpc.Status;`
`40`	`41`
`@@ -278,4 +279,8 @@ private void closeListener(Status newStatus) {`
`278`	`279`	`listener().closed(newStatus);`
`279`	`280`	`}`
`280`	`281`	`}`
	`282`	`+`
	`283`	`+ @Override public Attributes attributes() {`
	`284`	`+ return Attributes.EMPTY;`
	`285`	`+ }`
`281`	`286`	`}`