Make the OkHTTP transport AppEngine friendly. AppEngine may support

conscrypt at some point which would allow ALPN to function
Clarify the SSLContext.getDefault is not used when constructing the
default SSLSocketFactory.

Author: Louis Ryan

core/src/main/java/io/grpc/internal/GrpcUtil.java

@@ -39,6 +39,7 @@
 import com.google.common.base.Stopwatch;
 import com.google.common.base.Supplier;
 import com.google.common.collect.ImmutableMap;
+import com.google.common.util.concurrent.MoreExecutors;
 import com.google.common.util.concurrent.ThreadFactoryBuilder;
 
 import io.grpc.Metadata;
@@ -53,6 +54,7 @@
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
 import java.util.concurrent.ScheduledExecutorService;
+import java.util.concurrent.ThreadFactory;
 import java.util.concurrent.TimeUnit;
 
 import javax.annotation.Nullable;
@@ -62,6 +64,12 @@
  */
 public final class GrpcUtil {
 
+  // Certain production AppEngine runtimes have constraints on threading and socket handling
+  // that need to be accommodated.
+  public static final boolean IS_RESTRICTED_APPENGINE =
+      "Production".equals(System.getProperty("com.google.appengine.runtime.environment"))
+          && "1.7".equals(System.getProperty("java.specification.version"));
+
   /**
    * {@link io.grpc.Metadata.Key} for the timeout header.
    */
@@ -374,10 +382,7 @@ public static String authorityFromHostAndPort(String host, int port) {
         private static final String name = "grpc-default-executor";
         @Override
         public ExecutorService create() {
-          return Executors.newCachedThreadPool(new ThreadFactoryBuilder()
-              .setDaemon(true)
-              .setNameFormat(name + "-%d")
-              .build());
+          return Executors.newCachedThreadPool(getThreadFactory(name + "-%d", true));
         }
 
         @Override
@@ -402,10 +407,8 @@ public ScheduledExecutorService create() {
           // ScheduledThreadPoolExecutor.
           ScheduledExecutorService service = Executors.newScheduledThreadPool(
               1,
-              new ThreadFactoryBuilder()
-                  .setDaemon(true)
-                  .setNameFormat("grpc-timer-%d")
-                  .build());
+              getThreadFactory("grpc-timer-%d", true));
+
           // If there are long timeouts that are cancelled, they will not actually be removed from
           // the executors queue.  This forces immediate removal upon cancellation to avoid a
           // memory leak.  Reflection is used because we cannot use methods added in Java 1.7.  If
@@ -431,6 +434,27 @@ public void close(ScheduledExecutorService instance) {
         }
       };
 
+
+  /**
+   * Get a {@link ThreadFactory} suitable for use in the current environment.
+   * @param nameFormat to apply to threads created by the factory.
+   * @param daemon {@code true} if the threads the factory creates are daemon threads, {@code false}
+   *     otherwise.
+   * @return a {@link ThreadFactory}.
+   */
+  public static ThreadFactory getThreadFactory(String nameFormat, boolean daemon) {
+    ThreadFactory threadFactory = MoreExecutors.platformThreadFactory();
+    if (IS_RESTRICTED_APPENGINE) {
+      return threadFactory;
+    } else {
+      return new ThreadFactoryBuilder()
+          .setThreadFactory(threadFactory)
+          .setDaemon(daemon)
+          .setNameFormat(nameFormat)
+          .build();
+    }
+  }
+
   /**
    * The factory of default Stopwatches.
    */

core/src/main/java/io/grpc/internal/SharedResourceHolder.java

@@ -32,7 +32,6 @@
 package io.grpc.internal;
 
 import com.google.common.base.Preconditions;
-import com.google.common.util.concurrent.ThreadFactoryBuilder;
 
 import java.util.IdentityHashMap;
 import java.util.concurrent.Executors;
@@ -65,10 +64,8 @@ public final class SharedResourceHolder {
       new ScheduledExecutorFactory() {
         @Override
         public ScheduledExecutorService createScheduledExecutor() {
-          return Executors.newSingleThreadScheduledExecutor(new ThreadFactoryBuilder()
-              .setDaemon(true)
-              .setNameFormat("grpc-shared-destroyer-%d")
-              .build());
+          return Executors.newSingleThreadScheduledExecutor(
+              GrpcUtil.getThreadFactory("grpc-shared-destroyer-%d", true));
         }
       });
 

interop-testing/src/test/java/io/grpc/testing/integration/Http2OkHttpTest.java

@@ -45,6 +45,7 @@
 import io.grpc.netty.GrpcSslContexts;
 import io.grpc.netty.NettyServerBuilder;
 import io.grpc.okhttp.OkHttpChannelBuilder;
+import io.grpc.okhttp.internal.Platform;
 import io.grpc.stub.StreamObserver;
 import io.grpc.testing.StreamRecorder;
 import io.grpc.testing.TestUtils;
@@ -60,6 +61,7 @@
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 
+import java.io.FileInputStream;
 import java.io.IOException;
 
 import javax.net.ssl.SSLPeerUnverifiedException;
@@ -109,7 +111,8 @@ protected ManagedChannel createChannel() {
         .overrideAuthority(GrpcUtil.authorityFromHostAndPort(
             TestUtils.TEST_SERVER_HOST, getPort()));
     try {
-      builder.sslSocketFactory(TestUtils.newSslSocketFactoryForCa(TestUtils.loadCert("ca.pem")));
+      builder.sslSocketFactory(TestUtils.newSslSocketFactoryForCa(Platform.get().getProvider(),
+              new FileInputStream(TestUtils.loadCert("ca.pem"))));
     } catch (Exception e) {
       throw new RuntimeException(e);
     }
@@ -149,7 +152,8 @@ public void wrongHostNameFailHostnameVerification() throws Exception {
         .overrideAuthority(GrpcUtil.authorityFromHostAndPort(
             "I.am.a.bad.hostname", getPort()));
     ManagedChannel channel = builder.sslSocketFactory(
-        TestUtils.newSslSocketFactoryForCa(TestUtils.loadCert("ca.pem"))).build();
+        TestUtils.newSslSocketFactoryForCa(Platform.get().getProvider(),
+            new FileInputStream(TestUtils.loadCert("ca.pem")))).build();
     TestServiceGrpc.TestServiceBlockingStub blockingStub =
         TestServiceGrpc.newBlockingStub(channel);
 

okhttp/src/main/java/io/grpc/okhttp/OkHttpChannelBuilder.java

@@ -38,7 +38,6 @@
 
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Preconditions;
-import com.google.common.util.concurrent.ThreadFactoryBuilder;
 
 import com.squareup.okhttp.CipherSuite;
 import com.squareup.okhttp.ConnectionSpec;
@@ -54,15 +53,18 @@
 import io.grpc.internal.GrpcUtil;
 import io.grpc.internal.SharedResourceHolder;
 import io.grpc.internal.SharedResourceHolder.Resource;
+import io.grpc.okhttp.internal.Platform;
 
 import java.net.InetSocketAddress;
 import java.net.SocketAddress;
+import java.security.GeneralSecurityException;
 import java.util.concurrent.Executor;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
 import java.util.concurrent.TimeUnit;
 
 import javax.annotation.Nullable;
+import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSocketFactory;
 
 /** Convenience class for building channels with the OkHttp transport. */
@@ -90,10 +92,7 @@ public class OkHttpChannelBuilder extends
       new Resource<ExecutorService>() {
         @Override
         public ExecutorService create() {
-          return Executors.newCachedThreadPool(new ThreadFactoryBuilder()
-              .setDaemon(true)
-              .setNameFormat("grpc-okhttp-%d")
-              .build());
+          return Executors.newCachedThreadPool(GrpcUtil.getThreadFactory("grpc-okhttp-%d", true));
         }
 
         @Override
@@ -147,6 +146,11 @@ public final OkHttpChannelBuilder transportExecutor(@Nullable Executor transport
   /**
    * Sets the negotiation type for the HTTP/2 connection.
    *
+   * <p>If TLS is enabled a default {@link SSLSocketFactory} is created using the best
+   * {@link java.security.Provider} available and is NOT based on
+   * {@link SSLSocketFactory#getDefault}. To more precisely control the TLS configuration call
+   * {@link #sslSocketFactory} to override the socket factory used.
+   *
    * <p>Default: <code>TLS</code>
    */
   public final OkHttpChannelBuilder negotiationType(NegotiationType type) {
@@ -180,7 +184,8 @@ public final OkHttpChannelBuilder enableKeepAlive(boolean enable, long keepAlive
   }
 
   /**
-   * Provides a SSLSocketFactory to replace the default SSLSocketFactory used for TLS.
+   * Override the default {@link SSLSocketFactory} and enable {@link NegotiationType#TLS}
+   * negotiation.
    *
    * <p>By default, when TLS is enabled, <code>SSLSocketFactory.getDefault()</code> will be used.
    *
@@ -264,8 +269,16 @@ protected Attributes getNameResolverParams() {
   SSLSocketFactory createSocketFactory() {
     switch (negotiationType) {
       case TLS:
-        return sslSocketFactory == null
-            ? (SSLSocketFactory) SSLSocketFactory.getDefault() : sslSocketFactory;
+        try {
+          if (sslSocketFactory == null) {
+            SSLContext sslContext = SSLContext.getInstance("TLS", Platform.get().getProvider());
+            sslContext.init(null, null, null);
+            sslSocketFactory = sslContext.getSocketFactory();
+          }
+          return sslSocketFactory;
+        } catch (GeneralSecurityException gse) {
+          throw new RuntimeException("TLS Provider failure", gse);
+        }
       case PLAINTEXT:
         return null;
       default:

okhttp/src/main/java/io/grpc/okhttp/OkHttpChannelProvider.java

@@ -33,18 +33,22 @@
 
 import io.grpc.Internal;
 import io.grpc.ManagedChannelProvider;
+import io.grpc.internal.GrpcUtil;
 
-/** Provider for {@link OkHttpChannelBuilder} instances. */
+/**
+ * Provider for {@link OkHttpChannelBuilder} instances.
+ */
 @Internal
 public final class OkHttpChannelProvider extends ManagedChannelProvider {
+
   @Override
   public boolean isAvailable() {
     return true;
   }
 
   @Override
   public int priority() {
-    return isAndroid() ? 8 : 3;
+    return (GrpcUtil.IS_RESTRICTED_APPENGINE || isAndroid()) ? 8 : 3;
   }
 
   @Override

okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java

@@ -735,7 +735,9 @@ class ClientFrameHandler implements FrameReader.Handler, Runnable {
     @Override
     public void run() {
       String threadName = Thread.currentThread().getName();
-      Thread.currentThread().setName("OkHttpClientTransport");
+      if (!GrpcUtil.IS_RESTRICTED_APPENGINE) {
+        Thread.currentThread().setName("OkHttpClientTransport");
+      }
       try {
         // Read until the underlying socket closes.
         while (frameReader.nextFrame(this)) {
@@ -758,8 +760,10 @@ public void run() {
           log.log(Level.INFO, "Exception closing frame reader", ex);
         }
         listener.transportTerminated();
-        // Restore the original thread name.
-        Thread.currentThread().setName(threadName);
+        if (!GrpcUtil.IS_RESTRICTED_APPENGINE) {
+          // Restore the original thread name.
+          Thread.currentThread().setName(threadName);
+        }
       }
     }