pr feedbacks

Author: xinsong-cui

runtime/protocol/http-client-engines/http-client-engine-crt/api/http-client-engine-crt.api

@@ -18,16 +18,16 @@ public final class aws/smithy/kotlin/runtime/http/engine/crt/CrtHttpEngineConfig
 	public final fun getCaDir ()Ljava/lang/String;
 	public final fun getCaFile ()Ljava/lang/String;
 	public final fun getCaRoot ()Ljava/lang/String;
-	public final fun getCipherPreference ()Laws/sdk/kotlin/crt/io/TlsCipherPreference;
 	public final fun getClientBootstrap ()Laws/sdk/kotlin/crt/io/ClientBootstrap;
 	public final fun getInitialWindowSizeBytes ()I
 	public final fun getMaxConnections-pVg5ArA ()I
+	public final fun getTlsCipherPreference ()Laws/sdk/kotlin/crt/io/TlsCipherPreference;
 	public final fun getVerifyPeer ()Z
 	public final fun setCaDir (Ljava/lang/String;)V
 	public final fun setCaFile (Ljava/lang/String;)V
 	public final fun setCaRoot (Ljava/lang/String;)V
-	public final fun setCipherPreference (Laws/sdk/kotlin/crt/io/TlsCipherPreference;)V
 	public final fun setClientBootstrap (Laws/sdk/kotlin/crt/io/ClientBootstrap;)V
+	public final fun setTlsCipherPreference (Laws/sdk/kotlin/crt/io/TlsCipherPreference;)V
 	public final fun setVerifyPeer (Z)V
 	public fun toBuilderApplicator ()Lkotlin/jvm/functions/Function1;
 }
@@ -37,18 +37,18 @@ public final class aws/smithy/kotlin/runtime/http/engine/crt/CrtHttpEngineConfig
 	public final fun getCaDir ()Ljava/lang/String;
 	public final fun getCaFile ()Ljava/lang/String;
 	public final fun getCaRoot ()Ljava/lang/String;
-	public final fun getCipherPreference ()Laws/sdk/kotlin/crt/io/TlsCipherPreference;
 	public final fun getClientBootstrap ()Laws/sdk/kotlin/crt/io/ClientBootstrap;
 	public final fun getInitialWindowSizeBytes ()I
 	public final fun getMaxConnections-pVg5ArA ()I
+	public final fun getTlsCipherPreference ()Laws/sdk/kotlin/crt/io/TlsCipherPreference;
 	public final fun getVerifyPeer ()Z
 	public final fun setCaDir (Ljava/lang/String;)V
 	public final fun setCaFile (Ljava/lang/String;)V
 	public final fun setCaRoot (Ljava/lang/String;)V
-	public final fun setCipherPreference (Laws/sdk/kotlin/crt/io/TlsCipherPreference;)V
 	public final fun setClientBootstrap (Laws/sdk/kotlin/crt/io/ClientBootstrap;)V
 	public final fun setInitialWindowSizeBytes (I)V
 	public final fun setMaxConnections-WZ4Q5Ns (I)V
+	public final fun setTlsCipherPreference (Laws/sdk/kotlin/crt/io/TlsCipherPreference;)V
 	public final fun setVerifyPeer (Z)V
 }
 

runtime/protocol/http-client-engines/http-client-engine-crt/jvm/src/aws/smithy/kotlin/runtime/http/engine/crt/ConnectionManager.kt

@@ -37,7 +37,7 @@ internal class ConnectionManager(
             caRoot = config.caRoot
             caFile = config.caFile
             caDir = config.caDir
-            tlsCipherPreference = config.cipherPreference
+            tlsCipherPreference = config.tlsCipherPreference
             verifyPeer = config.verifyPeer
         }
         .build()

runtime/protocol/http-client-engines/http-client-engine-crt/jvm/src/aws/smithy/kotlin/runtime/http/engine/crt/CrtHttpEngineConfig.kt

@@ -46,32 +46,32 @@ public class CrtHttpEngineConfig private constructor(builder: Builder) : HttpCli
     public var clientBootstrap: ClientBootstrap? = builder.clientBootstrap
 
     /**
-     * Certificate Authority content in PEM format
-     * Mutually exclusive with caFile and caDir.
+     * Certificate authority content in PEM format
+     * Mutually exclusive with [caFile] and [caDir].
      */
     public var caRoot: String? = builder.caRoot
 
     /**
      * Path to the root certificate. Must be in PEM format.
-     * Mutually exclusive with caRoot.
+     * Mutually exclusive with [caRoot]. Can be used independently or together with [caDir].
      */
     public var caFile: String? = builder.caFile
 
     /**
-     * Path to the local trust store. Can be null.
-     * Mutually exclusive with caRoot.
+     * Path to the local trust store. Must be in PEM format.
+     * Mutually exclusive with [caRoot]. Can be used independently or together with [caFile].
      */
     public var caDir: String? = builder.caDir
 
     /**
      * TLS cipher suite preference for connections.
      * Controls which cipher suites are available during TLS negotiation.
      */
-    public var cipherPreference: TlsCipherPreference = builder.cipherPreference
+    public var tlsCipherPreference: TlsCipherPreference = builder.tlsCipherPreference
 
     /**
      * Whether to verify the peer's certificate during TLS handshake.
-     * When false, accepts any certificate (insecure, for testing only).
+     * When false, accepts any certificate.
      */
     public var verifyPeer: Boolean = builder.verifyPeer
 
@@ -85,7 +85,7 @@ public class CrtHttpEngineConfig private constructor(builder: Builder) : HttpCli
             caRoot = this@CrtHttpEngineConfig.caRoot
             caFile = this@CrtHttpEngineConfig.caFile
             caDir = this@CrtHttpEngineConfig.caDir
-            cipherPreference = this@CrtHttpEngineConfig.cipherPreference
+            tlsCipherPreference = this@CrtHttpEngineConfig.tlsCipherPreference
             verifyPeer = this@CrtHttpEngineConfig.verifyPeer
         }
     }
@@ -132,7 +132,7 @@ public class CrtHttpEngineConfig private constructor(builder: Builder) : HttpCli
          * TLS cipher suite preference for connections.
          * Controls which cipher suites are available during TLS negotiation.
          */
-        public var cipherPreference: TlsCipherPreference = TlsCipherPreference.SYSTEM_DEFAULT
+        public var tlsCipherPreference: TlsCipherPreference = TlsCipherPreference.SYSTEM_DEFAULT
 
         /**
          * Whether to verify the peer's certificate during TLS handshake.

runtime/protocol/http-client-engines/http-client-engine-okhttp/jvm/src/aws/smithy/kotlin/runtime/http/engine/okhttp/OkHttpEngine.kt

@@ -203,12 +203,13 @@ private fun toOkHttpTlsVersion(sdkTlsVersion: SdkTlsVersion): OkHttpTlsVersion =
 /**
  * Creates an SSL context with custom trust and key managers
  */
-private fun createSslContext(trustManagerProvider: TlsTrustManagersProvider?, keyManagerProvider: TlsKeyManagersProvider?): Pair<SSLContext, X509TrustManager> {
-    val trustManagers = trustManagerProvider?.trustManagers()
-    val keyManagers = keyManagerProvider?.keyManagers()
+private fun createSslContext(trustManagersProvider: TlsTrustManagersProvider?, keyManagersProvider: TlsKeyManagersProvider?): Pair<SSLContext, X509TrustManager> {
+    val trustManagers = trustManagersProvider?.trustManagers()
+    val keyManagers = keyManagersProvider?.keyManagers()
 
-    if (trustManagerProvider != null && (trustManagers.isNullOrEmpty() || trustManagers[0] !is X509TrustManager)) {
-        throw IllegalStateException("Unexpected trust managers")
+    if (trustManagersProvider != null) {
+        check(!trustManagers.isNullOrEmpty()) { "Trust managers provider returned null or empty trust managers." }
+        check(trustManagers[0] is X509TrustManager) { "Trust managers provider must return X509TrustManager." }
     }
 
     val sslContext = SSLContext.getInstance("TLS")