Clarify guarantees around remote channnel/request attribute presence

service/src/main/java/org/whispersystems/textsecuregcm/auth/grpc/AbstractAuthenticationInterceptor.java

@@ -1,34 +1,22 @@
 package org.whispersystems.textsecuregcm.auth.grpc;
 
-import io.grpc.Grpc;
-import io.grpc.Metadata;
 import io.grpc.ServerCall;
 import io.grpc.ServerInterceptor;
-import io.grpc.Status;
-import io.netty.channel.local.LocalAddress;
-import org.whispersystems.textsecuregcm.grpc.net.GrpcClientConnectionManager;
 import java.util.Optional;
+import org.whispersystems.textsecuregcm.grpc.ChannelNotFoundException;
+import org.whispersystems.textsecuregcm.grpc.net.GrpcClientConnectionManager;
 
 abstract class AbstractAuthenticationInterceptor implements ServerInterceptor {
 
   private final GrpcClientConnectionManager grpcClientConnectionManager;
 
-  private static final Metadata EMPTY_TRAILERS = new Metadata();
-
   AbstractAuthenticationInterceptor(final GrpcClientConnectionManager grpcClientConnectionManager) {
     this.grpcClientConnectionManager = grpcClientConnectionManager;
   }
 
-  protected Optional<AuthenticatedDevice> getAuthenticatedDevice(final ServerCall<?, ?> call) {
-    if (call.getAttributes().get(Grpc.TRANSPORT_ATTR_REMOTE_ADDR) instanceof LocalAddress localAddress) {
-      return grpcClientConnectionManager.getAuthenticatedDevice(localAddress);
-    } else {
-      throw new AssertionError("Unexpected channel type: " + call.getAttributes().get(Grpc.TRANSPORT_ATTR_REMOTE_ADDR));
-    }
-  }
+  protected Optional<AuthenticatedDevice> getAuthenticatedDevice(final ServerCall<?, ?> call)
+      throws ChannelNotFoundException {
 
-  protected <ReqT, RespT> ServerCall.Listener<ReqT> closeAsUnauthenticated(final ServerCall<ReqT, RespT> call) {
-    call.close(Status.UNAUTHENTICATED, EMPTY_TRAILERS);
-    return new ServerCall.Listener<>() {};
+    return grpcClientConnectionManager.getAuthenticatedDevice(call);
   }
 }

service/src/main/java/org/whispersystems/textsecuregcm/auth/grpc/ProhibitAuthenticationInterceptor.java

@@ -3,12 +3,17 @@ package org.whispersystems.textsecuregcm.auth.grpc;
 import io.grpc.Metadata;
 import io.grpc.ServerCall;
 import io.grpc.ServerCallHandler;
+import io.grpc.Status;
+import org.whispersystems.textsecuregcm.grpc.ChannelNotFoundException;
+import org.whispersystems.textsecuregcm.grpc.ServerInterceptorUtil;
 import org.whispersystems.textsecuregcm.grpc.net.GrpcClientConnectionManager;
 
 /**
  * A "prohibit authentication" interceptor ensures that requests to endpoints that should be invoked anonymously do not
  * originate from a channel that is associated with an authenticated device. Calls with an associated authenticated
- * device are closed with an {@code UNAUTHENTICATED} status.
+ * device are closed with an {@code UNAUTHENTICATED} status. If a call's authentication status cannot be determined
+ * (i.e. because the underlying remote channel closed before the {@code ServerCall} started), the interceptor will
+ * reject the call with a status of {@code UNAVAILABLE}.
  */
 public class ProhibitAuthenticationInterceptor extends AbstractAuthenticationInterceptor {
 
@@ -21,8 +26,15 @@ public class ProhibitAuthenticationInterceptor extends AbstractAuthenticationInt
       final Metadata headers,
       final ServerCallHandler<ReqT, RespT> next) {
 
-    return getAuthenticatedDevice(call)
-        .map(ignored -> closeAsUnauthenticated(call))
-        .orElseGet(() -> next.startCall(call, headers));
+    try {
+      return getAuthenticatedDevice(call)
+          // Status.INTERNAL may seem a little surprising here, but if a caller is reaching an authentication-prohibited
+          // service via an authenticated connection, then that's actually a server configuration issue and not a
+          // problem with the client's request.
+          .map(ignored -> ServerInterceptorUtil.closeWithStatus(call, Status.INTERNAL))
+          .orElseGet(() -> next.startCall(call, headers));
+    } catch (final ChannelNotFoundException e) {
+      return ServerInterceptorUtil.closeWithStatus(call, Status.UNAVAILABLE);
+    }
   }
 }

service/src/main/java/org/whispersystems/textsecuregcm/auth/grpc/RequireAuthenticationInterceptor.java

@@ -5,12 +5,16 @@ import io.grpc.Contexts;
 import io.grpc.Metadata;
 import io.grpc.ServerCall;
 import io.grpc.ServerCallHandler;
+import io.grpc.Status;
+import org.whispersystems.textsecuregcm.grpc.ChannelNotFoundException;
+import org.whispersystems.textsecuregcm.grpc.ServerInterceptorUtil;
 import org.whispersystems.textsecuregcm.grpc.net.GrpcClientConnectionManager;
 
 /**
  * A "require authentication" interceptor requires that requests be issued from a connection that is associated with an
  * authenticated device. Calls without an associated authenticated device are closed with an {@code UNAUTHENTICATED}
- * status.
+ * status. If a call's authentication status cannot be determined (i.e. because the underlying remote channel closed
+ * before the {@code ServerCall} started), the interceptor will reject the call with a status of {@code UNAVAILABLE}.
  */
 public class RequireAuthenticationInterceptor extends AbstractAuthenticationInterceptor {
 
@@ -23,10 +27,17 @@ public class RequireAuthenticationInterceptor extends AbstractAuthenticationInte
       final Metadata headers,
       final ServerCallHandler<ReqT, RespT> next) {
 
-    return getAuthenticatedDevice(call)
-        .map(authenticatedDevice -> Contexts.interceptCall(Context.current()
-                .withValue(AuthenticationUtil.CONTEXT_AUTHENTICATED_DEVICE, authenticatedDevice),
-            call, headers, next))
-        .orElseGet(() -> closeAsUnauthenticated(call));
+    try {
+      return getAuthenticatedDevice(call)
+          .map(authenticatedDevice -> Contexts.interceptCall(Context.current()
+                  .withValue(AuthenticationUtil.CONTEXT_AUTHENTICATED_DEVICE, authenticatedDevice),
+              call, headers, next))
+          // Status.INTERNAL may seem a little surprising here, but if a caller is reaching an authentication-required
+          // service via an unauthenticated connection, then that's actually a server configuration issue and not a
+          // problem with the client's request.
+          .orElseGet(() -> ServerInterceptorUtil.closeWithStatus(call, Status.INTERNAL));
+    } catch (final ChannelNotFoundException e) {
+      return ServerInterceptorUtil.closeWithStatus(call, Status.UNAVAILABLE);
+    }
   }
 }