Tracking issue for AdvancedTls-related API being experimental

[ZhenLian]

This includes:

• io.grpc.util.CertificateUtils.getX509Certificates

• io.grpc.util.CertificateUtils.getPrivateKey

(More to be updated...)

[ejona86]

API review for advanced Trust/KeyManager:

• Noticed TrustManager had key and certChain reversed compared to TlsChannelCredentials/ServerCredentials. The credentials are a stable API so can't really be changed. Annoying to fix in KeyManager, since (File, File) arguments can’t just be swapped without having a new method name
  • Could have the name be updateIdentities().
  • Could drop FromFile from name. +4
  • Meh. +2
• We'll drop FromFile and swap the argument order. The old methods will be marked deprecated.

[pierre94]

What is the status of this API? Is it stable?

[pierre94]

What is the status of this API? Is it stable?

@ejona86 @ZhenLian

[larry-safran]

Ignoring io.grpc.util.CertificateUtils and only applying to the AdvancedTls* classes

Approved with following work

• creating a renamed method with switched argument order and deprecating the existing one
• adding javadoc documentation for the many places it is missing
• constructors throw an exception (CertificateException) that they don't need to which should be removed

@pierre94 would you like to contribute a PR to address this?

[ejona86]

https://github.com/grpc/grpc-java/issues/10810 may impact this implementation as well (it is a separate implementation, but does the same things when you configure it a specific way).

[larry-safran]

io.grpc.util.CertificateUtils should be pulled out of this and moved to the io.grpc.internal package. This would allow things to skip the dependency on util (which has round robin).
Currently used by a very small number of community users, so should forward it and mark deprecated.