From cd44f7d0d1f84bf35832725ada19dca349eda9cc Mon Sep 17 00:00:00 2001 From: Sangamesh1997 Date: Thu, 11 Sep 2025 11:57:29 +0000 Subject: [PATCH 1/3] Util: AdvancedTlsX509TrustManager code changes for handling fine not found --- .../grpc/util/AdvancedTlsX509TrustManager.java | 4 ++++ .../util/AdvancedTlsX509TrustManagerTest.java | 18 ++++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/util/src/main/java/io/grpc/util/AdvancedTlsX509TrustManager.java b/util/src/main/java/io/grpc/util/AdvancedTlsX509TrustManager.java index b4b9b25d1de..5d134d1fd38 100644 --- a/util/src/main/java/io/grpc/util/AdvancedTlsX509TrustManager.java +++ b/util/src/main/java/io/grpc/util/AdvancedTlsX509TrustManager.java @@ -22,6 +22,7 @@ import io.grpc.ExperimentalApi; import java.io.File; import java.io.FileInputStream; +import java.io.FileNotFoundException; import java.io.IOException; import java.net.Socket; import java.security.GeneralSecurityException; @@ -339,6 +340,9 @@ public void run() { private long readAndUpdate(File trustCertFile, long oldTime) throws IOException, GeneralSecurityException { long newTime = checkNotNull(trustCertFile, "trustCertFile").lastModified(); + if (newTime == 0 && !trustCertFile.exists()) { + throw new FileNotFoundException("Certificate not found: " + trustCertFile.getAbsolutePath()); + } if (newTime == oldTime) { return oldTime; } diff --git a/util/src/test/java/io/grpc/util/AdvancedTlsX509TrustManagerTest.java b/util/src/test/java/io/grpc/util/AdvancedTlsX509TrustManagerTest.java index 228dbf5ea5b..197e291fec8 100644 --- a/util/src/test/java/io/grpc/util/AdvancedTlsX509TrustManagerTest.java +++ b/util/src/test/java/io/grpc/util/AdvancedTlsX509TrustManagerTest.java @@ -20,6 +20,7 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertThrows; +import static org.junit.Assert.assertTrue; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; @@ -30,7 +31,9 @@ import io.grpc.testing.TlsTesting; import io.grpc.util.AdvancedTlsX509TrustManager.Verification; import java.io.File; +import java.io.FileNotFoundException; import java.io.IOException; +import java.lang.reflect.Method; import java.net.Socket; import java.security.GeneralSecurityException; import java.security.cert.CertificateException; @@ -142,6 +145,21 @@ record -> record.getMessage().contains("Default value of ")); } } + @Test + public void missingFile_throwsFileNotFoundException() throws Exception { + AdvancedTlsX509TrustManager trustManager = AdvancedTlsX509TrustManager.newBuilder().build(); + Method readAndUpdateMethod = + AdvancedTlsX509TrustManager.class.getDeclaredMethod( + "readAndUpdate", File.class, long.class); + readAndUpdateMethod.setAccessible(true); + File nonExistentFile = new File("missing_cert.pem"); + Exception thrown = assertThrows( + Exception.class, () -> readAndUpdateMethod.invoke(trustManager, nonExistentFile, 0L)); + + assertTrue("Should throw FileNotFoundException, but got: " + thrown.getCause(), + thrown.getCause() instanceof FileNotFoundException); + } + @Test public void clientTrustedWithSocketTest() throws Exception { AdvancedTlsX509TrustManager trustManager = AdvancedTlsX509TrustManager.newBuilder() From 84c8663c95a0fb5a8014992cb54a73e7b8798c27 Mon Sep 17 00:00:00 2001 From: Sangamesh1997 Date: Thu, 11 Sep 2025 13:24:58 +0000 Subject: [PATCH 2/3] Util: AdvancedTlsX509TrustManager code changes for handling fine not found --- .../java/io/grpc/util/AdvancedTlsX509TrustManagerTest.java | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/util/src/test/java/io/grpc/util/AdvancedTlsX509TrustManagerTest.java b/util/src/test/java/io/grpc/util/AdvancedTlsX509TrustManagerTest.java index 197e291fec8..a0e6693939d 100644 --- a/util/src/test/java/io/grpc/util/AdvancedTlsX509TrustManagerTest.java +++ b/util/src/test/java/io/grpc/util/AdvancedTlsX509TrustManagerTest.java @@ -20,7 +20,6 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertThrows; -import static org.junit.Assert.assertTrue; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; @@ -31,7 +30,6 @@ import io.grpc.testing.TlsTesting; import io.grpc.util.AdvancedTlsX509TrustManager.Verification; import java.io.File; -import java.io.FileNotFoundException; import java.io.IOException; import java.lang.reflect.Method; import java.net.Socket; @@ -156,8 +154,8 @@ public void missingFile_throwsFileNotFoundException() throws Exception { Exception thrown = assertThrows( Exception.class, () -> readAndUpdateMethod.invoke(trustManager, nonExistentFile, 0L)); - assertTrue("Should throw FileNotFoundException, but got: " + thrown.getCause(), - thrown.getCause() instanceof FileNotFoundException); + assertEquals(thrown.getCause().getMessage(), + "Certificate not found: " + nonExistentFile.getAbsolutePath()); } @Test From 02f8ba23f02f72f9bd1a353d029e8aca59fc6ded Mon Sep 17 00:00:00 2001 From: Sangamesh1997 Date: Fri, 12 Sep 2025 06:08:46 +0000 Subject: [PATCH 3/3] Util: AdvancedTlsX509TrustManager review comments addressed --- .../io/grpc/util/AdvancedTlsX509TrustManager.java | 6 +++--- .../util/AdvancedTlsX509TrustManagerTest.java | 15 +++++---------- 2 files changed, 8 insertions(+), 13 deletions(-) diff --git a/util/src/main/java/io/grpc/util/AdvancedTlsX509TrustManager.java b/util/src/main/java/io/grpc/util/AdvancedTlsX509TrustManager.java index 5d134d1fd38..0739fa3d453 100644 --- a/util/src/main/java/io/grpc/util/AdvancedTlsX509TrustManager.java +++ b/util/src/main/java/io/grpc/util/AdvancedTlsX509TrustManager.java @@ -22,7 +22,6 @@ import io.grpc.ExperimentalApi; import java.io.File; import java.io.FileInputStream; -import java.io.FileNotFoundException; import java.io.IOException; import java.net.Socket; import java.security.GeneralSecurityException; @@ -340,8 +339,9 @@ public void run() { private long readAndUpdate(File trustCertFile, long oldTime) throws IOException, GeneralSecurityException { long newTime = checkNotNull(trustCertFile, "trustCertFile").lastModified(); - if (newTime == 0 && !trustCertFile.exists()) { - throw new FileNotFoundException("Certificate not found: " + trustCertFile.getAbsolutePath()); + if (newTime == 0) { + throw new IOException( + "Certificate file not found or not readable: " + trustCertFile.getAbsolutePath()); } if (newTime == oldTime) { return oldTime; diff --git a/util/src/test/java/io/grpc/util/AdvancedTlsX509TrustManagerTest.java b/util/src/test/java/io/grpc/util/AdvancedTlsX509TrustManagerTest.java index a0e6693939d..b9803b03570 100644 --- a/util/src/test/java/io/grpc/util/AdvancedTlsX509TrustManagerTest.java +++ b/util/src/test/java/io/grpc/util/AdvancedTlsX509TrustManagerTest.java @@ -31,7 +31,6 @@ import io.grpc.util.AdvancedTlsX509TrustManager.Verification; import java.io.File; import java.io.IOException; -import java.lang.reflect.Method; import java.net.Socket; import java.security.GeneralSecurityException; import java.security.cert.CertificateException; @@ -146,16 +145,12 @@ record -> record.getMessage().contains("Default value of ")); @Test public void missingFile_throwsFileNotFoundException() throws Exception { AdvancedTlsX509TrustManager trustManager = AdvancedTlsX509TrustManager.newBuilder().build(); - Method readAndUpdateMethod = - AdvancedTlsX509TrustManager.class.getDeclaredMethod( - "readAndUpdate", File.class, long.class); - readAndUpdateMethod.setAccessible(true); File nonExistentFile = new File("missing_cert.pem"); - Exception thrown = assertThrows( - Exception.class, () -> readAndUpdateMethod.invoke(trustManager, nonExistentFile, 0L)); - - assertEquals(thrown.getCause().getMessage(), - "Certificate not found: " + nonExistentFile.getAbsolutePath()); + Exception thrown = + assertThrows(Exception.class, () -> trustManager.updateTrustCredentials(nonExistentFile)); + assertNotNull(thrown); + assertEquals(thrown.getMessage(), + "Certificate file not found or not readable: " + nonExistentFile.getAbsolutePath()); } @Test