grpc-java

security: Stabilize AdvancedTlsX509KeyManager.

Open erm-g opened this issue 1 year ago • 1 comments

This PR is part of the 'Stabilize Advanced TLS' effort. Clean up, improve javadoc, de-experimentalize AdvancedTlsX509KeyManager, add a unit test (e2e already exists).

erm-g May 01 '24 02:05

Please address the failing tests. :)

Fixed (few styling things)

erm-g May 08 '24 03:05

@matthewstevenson88, do you want us to wait for your approval before this goes in?

ejona86 May 29 '24 22:05

Thanks @ejona86. LGTM, and ok to merge once the FakeClock change is done.

matthewstevenson88 May 29 '24 22:05

API review meeting notes:

an object that caller should close when the file refreshes are not needed

s/not/no longer/

We noticed we had looked at this API before, and had talked about changing the argument order. https://github.com/grpc/grpc-java/issues/8024#issuecomment-1220003981 . Although I did today notice that KeyStore uses the argument order seen here. https://docs.oracle.com/en/java/javase/21/docs/api/java.base/java/security/KeyStore.html#setKeyEntry(java.lang.String,byte%5B%5D,java.security.cert.Certificate%5B%5D)

We probably would let y'all (security team) decide how y'all feel about the different argument order. It is mostly a problem for File-based reading, because there's not different types to the arguments.

ejona86 May 30 '24 18:05
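
The argument-order concern raised in the API review notes, shown as an added example (not code from this PR or from grpc-java): two same-typed file arguments compile in either order, so a caller-side guard can check file contents before handing them to a key manager. It assumes PEM-encoded inputs; the class and method names are hypothetical and it calls no grpc-java API.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example: refuses a (keyFile, certFile) pair whose PEM contents are swapped. */
public final class PemArgumentOrderCheck {
  enum Role { PRIVATE_KEY, CERTIFICATE, UNKNOWN }
  private static final Pattern BEGIN = Pattern.compile("-----BEGIN ([A-Z0-9 ]+)-----");

  /** Classifies a file by the label of its first PEM "BEGIN" line. */
  static Role roleOf(Path file) throws IOException {
    String text = new String(Files.readAllBytes(file), StandardCharsets.US_ASCII);
    Matcher m = BEGIN.matcher(text);
    if (!m.find()) { return Role.UNKNOWN; }
    String label = m.group(1);
    if (label.endsWith("PRIVATE KEY")) {  // PKCS#8, "RSA ...", "EC ...", "ENCRYPTED ..."
      return Role.PRIVATE_KEY;
    }
    return label.equals("CERTIFICATE") ? Role.CERTIFICATE : Role.UNKNOWN;
  }

  /** Throws unless keyFile holds a private key and certFile holds a certificate. */
  static void requireKeyThenCert(Path keyFile, Path certFile) throws IOException {
    Role key = roleOf(keyFile);
    Role cert = roleOf(certFile);
    if (key != Role.PRIVATE_KEY || cert != Role.CERTIFICATE) {
      throw new IllegalArgumentException(
          "expected (private key, certificate) but got (" + key + ", " + cert + ")");
    }
  }

  public static void main(String[] args) throws IOException {
    // Constructed stand-ins: only the PEM labels matter to this check.
    Path key = Files.createTempFile("server", ".key");
    Path cert = Files.createTempFile("server", ".pem");
    key.toFile().deleteOnExit(); cert.toFile().deleteOnExit();
    Files.write(key, "-----BEGIN PRIVATE KEY-----\n".getBytes(StandardCharsets.US_ASCII));
    Files.write(cert, "-----BEGIN CERTIFICATE-----\n".getBytes(StandardCharsets.US_ASCII));
    requireKeyThenCert(key, cert);        // correct order: passes
    try {
      requireKeyThenCert(cert, key);      // swapped order: compiles, rejected here
    } catch (IllegalArgumentException e) {
      System.out.println("rejected: " + e.getMessage());
    }
  }
}
```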