s2a: Address comments on PR#11113 (#11534)

* Mark S2A public APIs as experimental.

* Rename S2AChannelCredentials createBuilder API to newBuilder.

* Remove usage of AdvancedTls.

* Use InsecureChannelCredentials.create instead of Optional.

* Invoke Thread.currentThread().interrupt() in a InterruptedException block.

s2a/src/main/java/io/grpc/s2a/MtlsToS2AChannelCredentials.java

@@ -21,17 +21,16 @@ import static com.google.common.base.Preconditions.checkState;
 import static com.google.common.base.Strings.isNullOrEmpty;
 
 import io.grpc.ChannelCredentials;
+import io.grpc.ExperimentalApi;
 import io.grpc.TlsChannelCredentials;
-import io.grpc.util.AdvancedTlsX509KeyManager;
-import io.grpc.util.AdvancedTlsX509TrustManager;
 import java.io.File;
 import java.io.IOException;
-import java.security.GeneralSecurityException;
 
 /**
  * Configures an {@code S2AChannelCredentials.Builder} instance with credentials used to establish a
  * connection with the S2A to support talking to the S2A over mTLS.
  */
+@ExperimentalApi("https://github.com/grpc/grpc-java/issues/11533")
 public final class MtlsToS2AChannelCredentials {
   /**
    * Creates a {@code S2AChannelCredentials.Builder} builder, that talks to the S2A over mTLS.
@@ -42,7 +41,7 @@ public final class MtlsToS2AChannelCredentials {
    * @param trustBundlePath the path to the trust bundle PEM.
    * @return a {@code MtlsToS2AChannelCredentials.Builder} instance.
    */
-  public static Builder createBuilder(
+  public static Builder newBuilder(
       String s2aAddress, String privateKeyPath, String certChainPath, String trustBundlePath) {
     checkArgument(!isNullOrEmpty(s2aAddress), "S2A address must not be null or empty.");
     checkArgument(!isNullOrEmpty(privateKeyPath), "privateKeyPath must not be null or empty.");
@@ -66,7 +65,7 @@ public final class MtlsToS2AChannelCredentials {
       this.trustBundlePath = trustBundlePath;
     }
 
-    public S2AChannelCredentials.Builder build() throws GeneralSecurityException, IOException {
+    public S2AChannelCredentials.Builder build() throws IOException {
       checkState(!isNullOrEmpty(s2aAddress), "S2A address must not be null or empty.");
       checkState(!isNullOrEmpty(privateKeyPath), "privateKeyPath must not be null or empty.");
       checkState(!isNullOrEmpty(certChainPath), "certChainPath must not be null or empty.");
@@ -75,19 +74,13 @@ public final class MtlsToS2AChannelCredentials {
       File certChainFile = new File(certChainPath);
       File trustBundleFile = new File(trustBundlePath);
 
-      AdvancedTlsX509KeyManager keyManager = new AdvancedTlsX509KeyManager();
-      keyManager.updateIdentityCredentials(certChainFile, privateKeyFile);
-
-      AdvancedTlsX509TrustManager trustManager = AdvancedTlsX509TrustManager.newBuilder().build();
-      trustManager.updateTrustCredentials(trustBundleFile);
-
       ChannelCredentials channelToS2ACredentials =
           TlsChannelCredentials.newBuilder()
-              .keyManager(keyManager)
+              .keyManager(certChainFile, privateKeyFile)
-              .trustManager(trustManager)
+              .trustManager(trustBundleFile)
               .build();
 
-      return S2AChannelCredentials.createBuilder(s2aAddress)
+      return S2AChannelCredentials.newBuilder(s2aAddress)
           .setS2AChannelCredentials(channelToS2ACredentials);
     }
   }

s2a/src/main/java/io/grpc/s2a/S2AChannelCredentials.java

@@ -24,6 +24,8 @@ import static com.google.common.base.Strings.isNullOrEmpty;
 import com.google.errorprone.annotations.CanIgnoreReturnValue;
 import io.grpc.Channel;
 import io.grpc.ChannelCredentials;
+import io.grpc.ExperimentalApi;
+import io.grpc.InsecureChannelCredentials;
 import io.grpc.internal.ObjectPool;
 import io.grpc.internal.SharedResourcePool;
 import io.grpc.netty.InternalNettyChannelCredentials;
@@ -31,7 +33,6 @@ import io.grpc.netty.InternalProtocolNegotiator;
 import io.grpc.s2a.channel.S2AHandshakerServiceChannel;
 import io.grpc.s2a.handshaker.S2AIdentity;
 import io.grpc.s2a.handshaker.S2AProtocolNegotiatorFactory;
-import java.util.Optional;
 import javax.annotation.concurrent.NotThreadSafe;
 import org.checkerframework.checker.nullness.qual.Nullable;
 
@@ -39,6 +40,7 @@ import org.checkerframework.checker.nullness.qual.Nullable;
  * Configures gRPC to use S2A for transport security when establishing a secure channel. Only for
  * use on the client side of a gRPC connection.
  */
+@ExperimentalApi("https://github.com/grpc/grpc-java/issues/11533")
 public final class S2AChannelCredentials {
   /**
    * Creates a channel credentials builder for establishing an S2A-secured connection.
@@ -46,7 +48,7 @@ public final class S2AChannelCredentials {
    * @param s2aAddress the address of the S2A server used to secure the connection.
    * @return a {@code S2AChannelCredentials.Builder} instance.
    */
-  public static Builder createBuilder(String s2aAddress) {
+  public static Builder newBuilder(String s2aAddress) {
     checkArgument(!isNullOrEmpty(s2aAddress), "S2A address must not be null or empty.");
     return new Builder(s2aAddress);
   }
@@ -56,13 +58,13 @@ public final class S2AChannelCredentials {
   public static final class Builder {
     private final String s2aAddress;
     private ObjectPool<Channel> s2aChannelPool;
-    private Optional<ChannelCredentials> s2aChannelCredentials;
+    private ChannelCredentials s2aChannelCredentials;
     private @Nullable S2AIdentity localIdentity = null;
 
     Builder(String s2aAddress) {
       this.s2aAddress = s2aAddress;
       this.s2aChannelPool = null;
-      this.s2aChannelCredentials = Optional.empty();
+      this.s2aChannelCredentials = InsecureChannelCredentials.create();
     }
 
     /**
@@ -107,7 +109,7 @@ public final class S2AChannelCredentials {
     /** Sets the credentials to be used when connecting to the S2A. */
     @CanIgnoreReturnValue
     public Builder setS2AChannelCredentials(ChannelCredentials s2aChannelCredentials) {
-      this.s2aChannelCredentials = Optional.of(s2aChannelCredentials);
+      this.s2aChannelCredentials = s2aChannelCredentials;
       return this;
     }
 

s2a/src/main/java/io/grpc/s2a/channel/S2AHandshakerServiceChannel.java

@@ -30,7 +30,6 @@ import io.grpc.MethodDescriptor;
 import io.grpc.internal.SharedResourceHolder.Resource;
 import io.grpc.netty.NettyChannelBuilder;
 import java.time.Duration;
-import java.util.Optional;
 import java.util.concurrent.ConcurrentMap;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -71,8 +70,9 @@ public final class S2AHandshakerServiceChannel {
    *     running at {@code s2aAddress}.
    */
   public static Resource<Channel> getChannelResource(
-      String s2aAddress, Optional<ChannelCredentials> s2aChannelCredentials) {
+      String s2aAddress, ChannelCredentials s2aChannelCredentials) {
     checkNotNull(s2aAddress);
+    checkNotNull(s2aChannelCredentials);
     return SHARED_RESOURCE_CHANNELS.computeIfAbsent(
         s2aAddress, channelResource -> new ChannelResource(s2aAddress, s2aChannelCredentials));
   }
@@ -84,9 +84,9 @@ public final class S2AHandshakerServiceChannel {
    */
   private static class ChannelResource implements Resource<Channel> {
     private final String targetAddress;
-    private final Optional<ChannelCredentials> channelCredentials;
+    private final ChannelCredentials channelCredentials;
 
-    public ChannelResource(String targetAddress, Optional<ChannelCredentials> channelCredentials) {
+    public ChannelResource(String targetAddress, ChannelCredentials channelCredentials) {
       this.targetAddress = targetAddress;
       this.channelCredentials = channelCredentials;
     }
@@ -97,21 +97,10 @@ public final class S2AHandshakerServiceChannel {
      */
     @Override
     public Channel create() {
-      ManagedChannel channel = null;
+      ManagedChannel channel =
-      if (channelCredentials.isPresent()) {
+          NettyChannelBuilder.forTarget(targetAddress, channelCredentials)
-        // Create a secure channel.
+              .directExecutor()
-        channel =
+              .build();
-            NettyChannelBuilder.forTarget(targetAddress, channelCredentials.get())
-                .directExecutor()
-                .build();
-      } else {
-        // Create a plaintext channel.
-        channel =
-            NettyChannelBuilder.forTarget(targetAddress)
-                .directExecutor()
-                .usePlaintext()
-                .build();
-      }
       return HandshakerServiceChannel.create(channel);
     }
 

s2a/src/main/java/io/grpc/s2a/handshaker/S2ATrustManager.java

@@ -121,6 +121,9 @@ final class S2ATrustManager implements X509TrustManager {
     try {
       resp = stub.send(reqBuilder.build());
     } catch (IOException | InterruptedException e) {
+      if (e instanceof InterruptedException) {
+        Thread.currentThread().interrupt();
+      }
       throw new CertificateException("Failed to send request to S2A.", e);
     }
     if (resp.hasStatus() && resp.getStatus().getCode() != 0) {

s2a/src/test/java/io/grpc/s2a/MtlsToS2AChannelCredentialsTest.java

@@ -26,11 +26,11 @@ import org.junit.runners.JUnit4;
 @RunWith(JUnit4.class)
 public final class MtlsToS2AChannelCredentialsTest {
   @Test
-  public void createBuilder_nullAddress_throwsException() throws Exception {
+  public void newBuilder_nullAddress_throwsException() throws Exception {
     assertThrows(
         IllegalArgumentException.class,
         () ->
-            MtlsToS2AChannelCredentials.createBuilder(
+            MtlsToS2AChannelCredentials.newBuilder(
                 /* s2aAddress= */ null,
                 /* privateKeyPath= */ "src/test/resources/client_key.pem",
                 /* certChainPath= */ "src/test/resources/client_cert.pem",
@@ -38,11 +38,11 @@ public final class MtlsToS2AChannelCredentialsTest {
   }
 
   @Test
-  public void createBuilder_nullPrivateKeyPath_throwsException() throws Exception {
+  public void newBuilder_nullPrivateKeyPath_throwsException() throws Exception {
     assertThrows(
         IllegalArgumentException.class,
         () ->
-            MtlsToS2AChannelCredentials.createBuilder(
+            MtlsToS2AChannelCredentials.newBuilder(
                 /* s2aAddress= */ "s2a_address",
                 /* privateKeyPath= */ null,
                 /* certChainPath= */ "src/test/resources/client_cert.pem",
@@ -50,11 +50,11 @@ public final class MtlsToS2AChannelCredentialsTest {
   }
 
   @Test
-  public void createBuilder_nullCertChainPath_throwsException() throws Exception {
+  public void newBuilder_nullCertChainPath_throwsException() throws Exception {
     assertThrows(
         IllegalArgumentException.class,
         () ->
-            MtlsToS2AChannelCredentials.createBuilder(
+            MtlsToS2AChannelCredentials.newBuilder(
                 /* s2aAddress= */ "s2a_address",
                 /* privateKeyPath= */ "src/test/resources/client_key.pem",
                 /* certChainPath= */ null,
@@ -62,11 +62,11 @@ public final class MtlsToS2AChannelCredentialsTest {
   }
 
   @Test
-  public void createBuilder_nullTrustBundlePath_throwsException() throws Exception {
+  public void newBuilder_nullTrustBundlePath_throwsException() throws Exception {
     assertThrows(
         IllegalArgumentException.class,
         () ->
-            MtlsToS2AChannelCredentials.createBuilder(
+            MtlsToS2AChannelCredentials.newBuilder(
                 /* s2aAddress= */ "s2a_address",
                 /* privateKeyPath= */ "src/test/resources/client_key.pem",
                 /* certChainPath= */ "src/test/resources/client_cert.pem",
@@ -74,11 +74,11 @@ public final class MtlsToS2AChannelCredentialsTest {
   }
 
   @Test
-  public void createBuilder_emptyAddress_throwsException() throws Exception {
+  public void newBuilder_emptyAddress_throwsException() throws Exception {
     assertThrows(
         IllegalArgumentException.class,
         () ->
-            MtlsToS2AChannelCredentials.createBuilder(
+            MtlsToS2AChannelCredentials.newBuilder(
                 /* s2aAddress= */ "",
                 /* privateKeyPath= */ "src/test/resources/client_key.pem",
                 /* certChainPath= */ "src/test/resources/client_cert.pem",
@@ -86,11 +86,11 @@ public final class MtlsToS2AChannelCredentialsTest {
   }
 
   @Test
-  public void createBuilder_emptyPrivateKeyPath_throwsException() throws Exception {
+  public void newBuilder_emptyPrivateKeyPath_throwsException() throws Exception {
     assertThrows(
         IllegalArgumentException.class,
         () ->
-            MtlsToS2AChannelCredentials.createBuilder(
+            MtlsToS2AChannelCredentials.newBuilder(
                 /* s2aAddress= */ "s2a_address",
                 /* privateKeyPath= */ "",
                 /* certChainPath= */ "src/test/resources/client_cert.pem",
@@ -98,11 +98,11 @@ public final class MtlsToS2AChannelCredentialsTest {
   }
 
   @Test
-  public void createBuilder_emptyCertChainPath_throwsException() throws Exception {
+  public void newBuilder_emptyCertChainPath_throwsException() throws Exception {
     assertThrows(
         IllegalArgumentException.class,
         () ->
-            MtlsToS2AChannelCredentials.createBuilder(
+            MtlsToS2AChannelCredentials.newBuilder(
                 /* s2aAddress= */ "s2a_address",
                 /* privateKeyPath= */ "src/test/resources/client_key.pem",
                 /* certChainPath= */ "",
@@ -110,11 +110,11 @@ public final class MtlsToS2AChannelCredentialsTest {
   }
 
   @Test
-  public void createBuilder_emptyTrustBundlePath_throwsException() throws Exception {
+  public void newBuilder_emptyTrustBundlePath_throwsException() throws Exception {
     assertThrows(
         IllegalArgumentException.class,
         () ->
-            MtlsToS2AChannelCredentials.createBuilder(
+            MtlsToS2AChannelCredentials.newBuilder(
                 /* s2aAddress= */ "s2a_address",
                 /* privateKeyPath= */ "src/test/resources/client_key.pem",
                 /* certChainPath= */ "src/test/resources/client_cert.pem",
@@ -124,7 +124,7 @@ public final class MtlsToS2AChannelCredentialsTest {
   @Test
   public void build_s2AChannelCredentials_success() throws Exception {
     assertThat(
-            MtlsToS2AChannelCredentials.createBuilder(
+            MtlsToS2AChannelCredentials.newBuilder(
                 /* s2aAddress= */ "s2a_address",
                 /* privateKeyPath= */ "src/test/resources/client_key.pem",
                 /* certChainPath= */ "src/test/resources/client_cert.pem",

s2a/src/test/java/io/grpc/s2a/S2AChannelCredentialsTest.java

@@ -30,40 +30,40 @@ import org.junit.runners.JUnit4;
 @RunWith(JUnit4.class)
 public final class S2AChannelCredentialsTest {
   @Test
-  public void createBuilder_nullArgument_throwsException() throws Exception {
+  public void newBuilder_nullArgument_throwsException() throws Exception {
-    assertThrows(IllegalArgumentException.class, () -> S2AChannelCredentials.createBuilder(null));
+    assertThrows(IllegalArgumentException.class, () -> S2AChannelCredentials.newBuilder(null));
   }
 
   @Test
-  public void createBuilder_emptyAddress_throwsException() throws Exception {
+  public void newBuilder_emptyAddress_throwsException() throws Exception {
-    assertThrows(IllegalArgumentException.class, () -> S2AChannelCredentials.createBuilder(""));
+    assertThrows(IllegalArgumentException.class, () -> S2AChannelCredentials.newBuilder(""));
   }
 
   @Test
   public void setLocalSpiffeId_nullArgument_throwsException() throws Exception {
     assertThrows(
         NullPointerException.class,
-        () -> S2AChannelCredentials.createBuilder("s2a_address").setLocalSpiffeId(null));
+        () -> S2AChannelCredentials.newBuilder("s2a_address").setLocalSpiffeId(null));
   }
 
   @Test
   public void setLocalHostname_nullArgument_throwsException() throws Exception {
     assertThrows(
         NullPointerException.class,
-        () -> S2AChannelCredentials.createBuilder("s2a_address").setLocalHostname(null));
+        () -> S2AChannelCredentials.newBuilder("s2a_address").setLocalHostname(null));
   }
 
   @Test
   public void setLocalUid_nullArgument_throwsException() throws Exception {
     assertThrows(
         NullPointerException.class,
-        () -> S2AChannelCredentials.createBuilder("s2a_address").setLocalUid(null));
+        () -> S2AChannelCredentials.newBuilder("s2a_address").setLocalUid(null));
   }
 
   @Test
   public void build_withLocalSpiffeId_succeeds() throws Exception {
     assertThat(
-            S2AChannelCredentials.createBuilder("s2a_address")
+            S2AChannelCredentials.newBuilder("s2a_address")
                 .setLocalSpiffeId("spiffe://test")
                 .build())
         .isNotNull();
@@ -72,7 +72,7 @@ public final class S2AChannelCredentialsTest {
   @Test
   public void build_withLocalHostname_succeeds() throws Exception {
     assertThat(
-            S2AChannelCredentials.createBuilder("s2a_address")
+            S2AChannelCredentials.newBuilder("s2a_address")
                 .setLocalHostname("local_hostname")
                 .build())
         .isNotNull();
@@ -80,20 +80,20 @@ public final class S2AChannelCredentialsTest {
 
   @Test
   public void build_withLocalUid_succeeds() throws Exception {
-    assertThat(S2AChannelCredentials.createBuilder("s2a_address").setLocalUid("local_uid").build())
+    assertThat(S2AChannelCredentials.newBuilder("s2a_address").setLocalUid("local_uid").build())
         .isNotNull();
   }
 
   @Test
   public void build_withNoLocalIdentity_succeeds() throws Exception {
-    assertThat(S2AChannelCredentials.createBuilder("s2a_address").build())
+    assertThat(S2AChannelCredentials.newBuilder("s2a_address").build())
         .isNotNull();
   }
   
   @Test
   public void build_withTlsChannelCredentials_succeeds() throws Exception {
     assertThat(
-            S2AChannelCredentials.createBuilder("s2a_address")
+            S2AChannelCredentials.newBuilder("s2a_address")
                 .setLocalSpiffeId("spiffe://test")
                 .setS2AChannelCredentials(getTlsChannelCredentials())
                 .build())

s2a/src/test/java/io/grpc/s2a/channel/S2AHandshakerServiceChannelTest.java

@@ -24,6 +24,7 @@ import io.grpc.CallOptions;
 import io.grpc.Channel;
 import io.grpc.ChannelCredentials;
 import io.grpc.ClientCall;
+import io.grpc.InsecureChannelCredentials;
 import io.grpc.ManagedChannel;
 import io.grpc.MethodDescriptor;
 import io.grpc.Server;
@@ -42,7 +43,6 @@ import io.grpc.testing.protobuf.SimpleRequest;
 import io.grpc.testing.protobuf.SimpleResponse;
 import io.grpc.testing.protobuf.SimpleServiceGrpc;
 import java.io.File;
-import java.util.Optional;
 import java.util.concurrent.TimeUnit;
 import org.junit.Before;
 import org.junit.ClassRule;
@@ -74,7 +74,7 @@ public final class S2AHandshakerServiceChannelTest {
     Resource<Channel> resource =
         S2AHandshakerServiceChannel.getChannelResource(
             "localhost:" + plaintextServer.getPort(),
-            /* s2aChannelCredentials= */ Optional.empty());
+            InsecureChannelCredentials.create());
     assertThat(resource.toString()).isEqualTo("grpc-s2a-channel");
   }
 
@@ -96,11 +96,11 @@ public final class S2AHandshakerServiceChannelTest {
     Resource<Channel> resource =
         S2AHandshakerServiceChannel.getChannelResource(
             "localhost:" + plaintextServer.getPort(),
-            /* s2aChannelCredentials= */ Optional.empty());
+            InsecureChannelCredentials.create());
     Resource<Channel> resourceTwo =
         S2AHandshakerServiceChannel.getChannelResource(
             "localhost:" + plaintextServer.getPort(),
-            /* s2aChannelCredentials= */ Optional.empty());
+            InsecureChannelCredentials.create());
     assertThat(resource).isEqualTo(resourceTwo);
   }
 
@@ -125,10 +125,10 @@ public final class S2AHandshakerServiceChannelTest {
     Resource<Channel> resource =
         S2AHandshakerServiceChannel.getChannelResource(
             "localhost:" + plaintextServer.getPort(),
-            /* s2aChannelCredentials= */ Optional.empty());
+            InsecureChannelCredentials.create());
     Resource<Channel> resourceTwo =
         S2AHandshakerServiceChannel.getChannelResource(
-            "localhost:" + Utils.pickUnusedPort(), /* s2aChannelCredentials= */ Optional.empty());
+            "localhost:" + Utils.pickUnusedPort(), InsecureChannelCredentials.create());
     assertThat(resourceTwo).isNotEqualTo(resource);
   }
 
@@ -153,7 +153,7 @@ public final class S2AHandshakerServiceChannelTest {
     Resource<Channel> resource =
         S2AHandshakerServiceChannel.getChannelResource(
             "localhost:" + plaintextServer.getPort(),
-            /* s2aChannelCredentials= */ Optional.empty());
+            InsecureChannelCredentials.create());
     Channel channel = resource.create();
     resource.close(channel);
     StatusRuntimeException expected =
@@ -191,7 +191,7 @@ public final class S2AHandshakerServiceChannelTest {
     Resource<Channel> resource =
         S2AHandshakerServiceChannel.getChannelResource(
             "localhost:" + plaintextServer.getPort(),
-            /* s2aChannelCredentials= */ Optional.empty());
+            InsecureChannelCredentials.create());
     Channel channel = resource.create();
     assertThat(channel).isInstanceOf(HandshakerServiceChannel.class);
     assertThat(
@@ -256,7 +256,7 @@ public final class S2AHandshakerServiceChannelTest {
     Resource<Channel> resource =
         S2AHandshakerServiceChannel.getChannelResource(
             "localhost:" + plaintextServer.getPort(),
-            /* s2aChannelCredentials= */ Optional.empty());
+            InsecureChannelCredentials.create());
     Channel channelOne = resource.create();
     resource.close(channelOne);
 
@@ -308,15 +308,14 @@ public final class S2AHandshakerServiceChannelTest {
         ServerBuilder.forPort(Utils.pickUnusedPort()).addService(service).build());
   }
 
-  private static Optional<ChannelCredentials> getTlsChannelCredentials() throws Exception {
+  private static ChannelCredentials getTlsChannelCredentials() throws Exception {
     File clientCert = new File("src/test/resources/client_cert.pem");
     File clientKey = new File("src/test/resources/client_key.pem");
     File rootCert = new File("src/test/resources/root_cert.pem");
-    return Optional.of(
+    return TlsChannelCredentials.newBuilder()
-        TlsChannelCredentials.newBuilder()
             .keyManager(clientCert, clientKey)
             .trustManager(rootCert)
-            .build());
+            .build();
   }
 
   private static class SimpleServiceImpl extends SimpleServiceGrpc.SimpleServiceImplBase {

s2a/src/test/java/io/grpc/s2a/handshaker/IntegrationTest.java

@@ -186,7 +186,7 @@ public final class IntegrationTest {
   @Test
   public void clientCommunicateUsingS2ACredentials_succeeds() throws Exception {
     ChannelCredentials credentials =
-        S2AChannelCredentials.createBuilder(s2aAddress).setLocalSpiffeId("test-spiffe-id").build();
+        S2AChannelCredentials.newBuilder(s2aAddress).setLocalSpiffeId("test-spiffe-id").build();
     ManagedChannel channel = Grpc.newChannelBuilder(serverAddress, credentials).build();
 
     assertThat(doUnaryRpc(channel)).isTrue();
@@ -194,7 +194,7 @@ public final class IntegrationTest {
 
   @Test
   public void clientCommunicateUsingS2ACredentialsNoLocalIdentity_succeeds() throws Exception {
-    ChannelCredentials credentials = S2AChannelCredentials.createBuilder(s2aAddress).build();
+    ChannelCredentials credentials = S2AChannelCredentials.newBuilder(s2aAddress).build();
     ManagedChannel channel = Grpc.newChannelBuilder(serverAddress, credentials).build();
 
     assertThat(doUnaryRpc(channel)).isTrue();
@@ -203,7 +203,7 @@ public final class IntegrationTest {
   @Test
   public void clientCommunicateUsingMtlsToS2ACredentials_succeeds() throws Exception {
     ChannelCredentials credentials =
-        MtlsToS2AChannelCredentials.createBuilder(
+        MtlsToS2AChannelCredentials.newBuilder(
                 /* s2aAddress= */ mtlsS2AAddress,
                 /* privateKeyPath= */ "src/test/resources/client_key.pem",
                 /* certChainPath= */ "src/test/resources/client_cert.pem",
@@ -218,7 +218,7 @@ public final class IntegrationTest {
 
   @Test
   public void clientCommunicateUsingS2ACredentials_s2AdelayStart_succeeds() throws Exception {
-    ChannelCredentials credentials = S2AChannelCredentials.createBuilder(s2aDelayAddress).build();
+    ChannelCredentials credentials = S2AChannelCredentials.newBuilder(s2aDelayAddress).build();
     ManagedChannel channel = Grpc.newChannelBuilder(serverAddress, credentials).build();
 
     FutureTask<Boolean> rpc = new FutureTask<>(() -> doUnaryRpc(channel));

s2a/src/test/java/io/grpc/s2a/handshaker/S2AProtocolNegotiatorFactoryTest.java

@@ -115,7 +115,7 @@ public class S2AProtocolNegotiatorFactoryTest {
         S2AGrpcChannelPool.create(
             SharedResourcePool.forResource(
                 S2AHandshakerServiceChannel.getChannelResource(
-                    "localhost:8080", /* s2aChannelCredentials= */ Optional.empty())));
+                    "localhost:8080", InsecureChannelCredentials.create())));
 
     NullPointerTester tester =
         new NullPointerTester()

s2a/src/test/java/io/grpc/s2a/handshaker/S2AStubTest.java

@@ -21,13 +21,13 @@ import static com.google.common.truth.extensions.proto.ProtoTruth.assertThat;
 import static org.junit.Assert.assertThrows;
 
 import com.google.common.truth.Expect;
+import io.grpc.InsecureChannelCredentials;
 import io.grpc.internal.SharedResourcePool;
 import io.grpc.s2a.channel.S2AChannelPool;
 import io.grpc.s2a.channel.S2AGrpcChannelPool;
 import io.grpc.s2a.channel.S2AHandshakerServiceChannel;
 import io.grpc.stub.StreamObserver;
 import java.io.IOException;
-import java.util.Optional;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
@@ -55,7 +55,7 @@ public class S2AStubTest {
         S2AGrpcChannelPool.create(
             SharedResourcePool.forResource(
                 S2AHandshakerServiceChannel.getChannelResource(
-                    S2A_ADDRESS, /* s2aChannelCredentials= */ Optional.empty())));
+                    S2A_ADDRESS, InsecureChannelCredentials.create())));
     S2AServiceGrpc.S2AServiceStub serviceStub = S2AServiceGrpc.newStub(channelPool.getChannel());
     S2AStub newStub = S2AStub.newInstance(serviceStub);