chore: cleaned up the commits

Author: jinseopkim0

bazel/curl.BUILD

@@ -145,8 +145,8 @@ CURL_WIN_COPTS = [
     "/DCURL_DISABLE_PROXY",
     "/DHAVE_LIBZ",
     "/DHAVE_ZLIB_H",
-    "/DUSE_OPENSSL",    # UPDATED: Enable OpenSSL interface
-    "/DHAVE_BORINGSSL", # UPDATED: Explicitly define BoringSSL
+    "/DUSE_OPENSSL",    # Changed: Use OpenSSL/BoringSSL interface
+    "/DHAVE_BORINGSSL", # Changed: Explicitly define BoringSSL
     # Defining _USING_V110_SDK71_ is hackery to defeat curl's incorrect
     # detection of what OS releases we can build on with VC 2012. This
     # may not be needed (or may have to change) if the WINVER setting
@@ -159,7 +159,7 @@ CURL_WIN_SRCS = [
     "lib/inet_ntop.c",
     "lib/system_win32.c",
     "lib/x509asn1.c",
-    "lib/vtls/openssl.c", # UPDATED: Use OpenSSL/BoringSSL impl
+    "lib/vtls/openssl.c", # Changed: Use OpenSSL source instead of schannel.c
     "lib/idn_win32.c",
 ]
 
@@ -456,7 +456,7 @@ cc_library(
         ":define-ca-bundle-location",
         "@com_github_cares_cares//:ares",
         "@zlib",
-        "@boringssl//:ssl", # UPDATED: Always link BoringSSL (even on Windows)
+        "@boringssl//:ssl", # Changed: Link BoringSSL on Windows
     ],
 )
 
@@ -481,6 +481,7 @@ write_file(
         "#  define BUILDING_LIBCURL 1",
         "#  define CURL_DISABLE_CRYPTO_AUTH 1",
         "#  define CURL_DISABLE_DICT 1",
+        # REMOVED: "#  define CURL_DISABLE_FILE 1",
         "#  define CURL_DISABLE_GOPHER 1",
         "#  define CURL_DISABLE_IMAP 1",
         "#  define CURL_DISABLE_LDAP 1",
@@ -491,14 +492,14 @@ write_file(
         "#  define CURL_DISABLE_TELNET 1",
         "#  define CURL_DISABLE_TFTP 1",
         "#  define CURL_PULL_WS2TCPIP_H 1",
-        "#  define USE_OPENSSL 1",          // UPDATED: Added
-        "#  define HAVE_BORINGSSL 1",       // UPDATED: Added
-        "#  define HAVE_LIBSSL 1",          // UPDATED: Added
-        "#  define HAVE_OPENSSL_SSL_H 1",   // UPDATED: Added
-        "#  define HAVE_OPENSSL_CRYPTO_H 1",// UPDATED: Added
-        "#  define HAVE_OPENSSL_PEM_H 1",   // UPDATED: Added
-        "#  define HAVE_OPENSSL_X509_H 1",  // UPDATED: Added
-        "#  define HAVE_OPENSSL_ERR_H 1",   // UPDATED: Added
+        "#  define USE_OPENSSL 1",          // Changed
+        "#  define HAVE_BORINGSSL 1",       // Changed
+        "#  define HAVE_LIBSSL 1",          // Changed
+        "#  define HAVE_OPENSSL_SSL_H 1",   // Changed
+        "#  define HAVE_OPENSSL_CRYPTO_H 1",// Changed
+        "#  define HAVE_OPENSSL_PEM_H 1",   // Changed
+        "#  define HAVE_OPENSSL_X509_H 1",  // Changed
+        "#  define HAVE_OPENSSL_ERR_H 1",   // Changed
         "#  define USE_WIN32_IDN 1",
         "#  define WANT_IDN_PROTOTYPES 1",
         "#elif defined(__APPLE__)",
@@ -545,6 +546,7 @@ write_file(
         "",
         "#if !defined(_WIN32)",
         "#  define CURL_DISABLE_DICT 1",
+        # REMOVED: "#  define CURL_DISABLE_FILE 1",
         "#  define CURL_DISABLE_GOPHER 1",
         "#  define CURL_DISABLE_IMAP 1",
         "#  define CURL_DISABLE_LDAP 1",

ci/kokoro/windows/builds/bazel.ps1

@@ -6,7 +6,7 @@
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#      https://www.apache.org/licenses/LICENSE-2.0
+#     https://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
@@ -62,151 +62,43 @@ if ($LastExitCode) {
 . ci/kokoro/windows/lib/integration.ps1
 
 function Invoke-REST-Quickstart {
-    param($bazel_bin)
-    try {
-        $executable = Join-Path $bazel_bin "google/cloud/storage/quickstart/quickstart.exe"
-        Write-Host "Running REST Quickstart, attempting to run: $executable"
-        if (-not (Test-Path $executable)) {
-          Write-Host -ForegroundColor Red "Executable not found at the specified path."
-          Exit 1
-        }
-        & $executable "${env:GOOGLE_CLOUD_CPP_STORAGE_TEST_BUCKET_NAME}"
-        if ($LastExitCode) {
-            Write-Host -ForegroundColor Red "Execution of (storage/quickstart) failed with exit code ${LastExitCode}."
-            Exit ${LastExitCode}
-        }
-    } catch {
-        Write-Host -ForegroundColor Red "Caught exception while trying to run storage/quickstart: $_"
-        Exit 1
+    bazelisk $common_flags run $build_flags `
+      //google/cloud/storage/quickstart:quickstart -- `
+      "${env:GOOGLE_CLOUD_CPP_STORAGE_TEST_BUCKET_NAME}"
+    if ($LastExitCode) {
+        Write-Host -ForegroundColor Red "bazel run (storage/quickstart) failed with exit code ${LastExitCode}."
+        Exit ${LastExitCode}
     }
 }
 
 function Invoke-gRPC-Quickstart {
-    param($bazel_bin)
-    try {
-        $executable = Join-Path $bazel_bin "google/cloud/pubsub/quickstart/quickstart.exe"
-        Write-Host "Running gRPC Quickstart, attempting to run: $executable"
-        if (-not (Test-Path $executable)) {
-          Write-Host -ForegroundColor Red "Executable not found at the specified path."
-          Exit 1
-        }
-        & $executable "${env:GOOGLE_CLOUD_PROJECT}" "${env:GOOGLE_CLOUD_CPP_PUBSUB_TEST_QUICKSTART_TOPIC}"
-        if ($LastExitCode) {
-            Write-Host -ForegroundColor Red "Execution of (pubsub/quickstart) failed with exit code ${LastExitCode}."
-            Exit ${LastExitCode}
-        }
-    } catch {
-        Write-Host -ForegroundColor Red "Caught exception while trying to run pubsub/quickstart: $_"
-        Exit 1
+    bazelisk $common_flags run $build_flags `
+      //google/cloud/pubsub/quickstart:quickstart -- `
+      "${env:GOOGLE_CLOUD_PROJECT}" "${env:GOOGLE_CLOUD_CPP_PUBSUB_TEST_QUICKSTART_TOPIC}"
+    if ($LastExitCode) {
+        Write-Host -ForegroundColor Red "bazel run (pubsub/quickstart) failed with exit code ${LastExitCode}."
+        Exit ${LastExitCode}
     }
 }
 
 if (Test-Integration-Enabled) {
     Write-Host "`n$(Get-Date -Format o) Running minimal quickstart prorams"
 
-    # 1. Install the certificates
+    # Install certificates and set up environment variables for BoringSSL
     Install-Roots-Pem
-
-    # 2. Normalize paths to use Forward Slashes (/)
-    # This is critical for C++ binaries (BoringSSL/libcurl) to parse paths correctly on Windows.
+    
+    # BoringSSL prefers forward slashes for paths, even on Windows
     $RawRootsPath = Join-Path $env:KOKORO_GFILE_DIR "roots.pem"
     $RootsPath = $RawRootsPath -replace '\\', '/'
-    
-    $RawKeyPath = Join-Path $env:KOKORO_GFILE_DIR "kokoro-run-key.json"
-    $KeyPath = $RawKeyPath -replace '\\', '/'
+    $KeyPath = (Join-Path $env:KOKORO_GFILE_DIR "kokoro-run-key.json") -replace '\\', '/'
 
-    # 3. Set ALL SSL Environment Variables
-    # OpenSSL/BoringSSL may look at SSL_CERT_FILE before CURL_CA_BUNDLE
-    # Use Forward Slashes ($RootsPath) for BoringSSL
     $env:GRPC_DEFAULT_SSL_ROOTS_FILE_PATH = $RootsPath
     $env:CURL_CA_BUNDLE = $RootsPath
     $env:SSL_CERT_FILE = $RootsPath
     $env:GOOGLE_APPLICATION_CREDENTIALS = $KeyPath
-    
-    # 4. Enable Deep Library Logging
-    $env:GOOGLE_CLOUD_CPP_ENABLE_TRACING="http"
-    $env:CURL_VERBOSE="1"
-
-    # --- DEBUG CHECKS ---
-    Write-Host -ForegroundColor Cyan "`n--- DEBUG: Environment & File Check ---"
-    Write-Host "Roots Path: $RootsPath"
-    
-    Write-Host "`n[Check 1] Environment Variables:"
-    Get-ChildItem Env: | Where-Object { $_.Name -match 'CURL_|GOOGLE_|GRPC_|SSL_' } | Format-Table -AutoSize | Out-Host
-    
-    Write-Host "`n[Check 2] File Verify:"
-    if (Test-Path $RootsPath) {
-        Write-Host -ForegroundColor Green "File exists."
-        Get-Item $RootsPath | Select-Object Length, LastWriteTime
-    } else {
-        Write-Host -ForegroundColor Red "CRITICAL: File not found at $RootsPath"
-    }
-    Write-Host "--- DEBUG END ---`n"
-
-    bazelisk $common_flags build $build_flags `
-        //google/cloud/storage/quickstart:quickstart `
-        //google/cloud/pubsub/quickstart:quickstart
-
-    $bazel_bin = (bazelisk $common_flags info $build_flags bazel-bin).Trim()
-    # Fix bazel-bin path for PowerShell invocation just in case
-    $bazel_bin = $bazel_bin.Replace('/', '\') 
-    Write-Host "bazel-bin directory: $bazel_bin"
-
-    # --- VERIFICATION EXPERIMENT START ---
-    Write-Host -ForegroundColor Cyan "`n--- EXPERIMENT: The 'Strip & Retry' Test ---"
-    
-    # Define paths
-    $DirtyFile = $RawRootsPath
-    $CleanFile = Join-Path $env:KOKORO_GFILE_DIR "roots_clean.pem"
-    $CleanFileForward = $CleanFile -replace '\\', '/'
-
-    # Check for the "Poison" (\r)
-    $text = [System.IO.File]::ReadAllText($DirtyFile)
-    if ($text.Contains("`r")) {
-        Write-Host -ForegroundColor Red "[CONFIRMED] 'roots.pem' contains Carriage Returns (\r)."
-        Write-Host "      Attempting to sanitize and run binary..."
-        
-        # Create the Antidote (Remove all \r)
-        $cleanText = $text.Replace("`r", "")
-        [System.IO.File]::WriteAllText($CleanFile, $cleanText)
-        Write-Host "Created sanitized file: $CleanFileForward"
-
-        # Run the Binary against the CLEAN file
-        Write-Host "`nRunning quickstart.exe using CLEAN file..."
-        
-        # Temporarily override the env var just for this test
-        $env:CURL_CA_BUNDLE = $CleanFileForward
-        $env:SSL_CERT_FILE = $CleanFileForward
-        $env:GRPC_DEFAULT_SSL_ROOTS_FILE_PATH = $CleanFileForward
-        
-        # Construct executable path
-        $QuickstartExe = Join-Path $bazel_bin "google/cloud/storage/quickstart/quickstart.exe"
-
-        try {
-           & $QuickstartExe "${env:GOOGLE_CLOUD_CPP_STORAGE_TEST_BUCKET_NAME}"
-           if ($LastExitCode -eq 0) {
-               Write-Host -ForegroundColor Green "`n[SUCCESS] The binary worked with the clean file!"
-               Write-Host -ForegroundColor Green "CONCLUSION: Carriage Returns were the root cause."
-           } else {
-               Write-Host -ForegroundColor Red "`n[FAILURE] The binary still failed ($LastExitCode) even with the clean file."
-               Write-Host -ForegroundColor Red "CONCLUSION: The issue is NOT carriage returns."
-           }
-        } catch {
-            Write-Host "Execution failed: $_"
-        }
-        
-        # Restore Env Vars for standard test flow
-        $env:CURL_CA_BUNDLE = $RootsPath
-        $env:SSL_CERT_FILE = $RootsPath
-        $env:GRPC_DEFAULT_SSL_ROOTS_FILE_PATH = $RootsPath
-    } else {
-        Write-Host -ForegroundColor Green "[INFO] 'roots.pem' is already clean (No \r). Experiment skipped."
-    }
-    Write-Host "------------------------------------------------"
-    # --- VERIFICATION EXPERIMENT END ---
 
-    Invoke-REST-Quickstart $bazel_bin
-    Invoke-gRPC-Quickstart $bazel_bin
+    Invoke-REST-Quickstart
+    Invoke-gRPC-Quickstart
 }
 
 # Shutdown the Bazel server to release any locks

ci/kokoro/windows/lib/integration.ps1

@@ -26,140 +26,52 @@ function Test-Integration-Enabled {
     return $False
 }
 
-function Debug-Network {
-    param([string]$targetUrl)
-    Write-Host -ForegroundColor Cyan "`n--- NETWORK DEBUG START ($targetUrl) ---"
-    try {
-        $uri = New-Object System.Uri($targetUrl)
-        $hostName = $uri.DnsSafeHost
-
-        # 1. DNS Resolution
-        Write-Host "1. Testing DNS resolution for $hostName..."
-        $dns = Resolve-DnsName -Name $hostName -ErrorAction SilentlyContinue
-        if ($dns) { $dns | Format-Table -AutoSize | Out-Host } else { Write-Host -ForegroundColor Red "DNS Resolution FAILED" }
-
-        # 2. Basic TCP Connectivity (checking port 443)
-        Write-Host "`n2. Testing TCP connectivity to $hostName`:443..."
-        try {
-             $tcp = Test-NetConnection -ComputerName $hostName -Port 443 -WarningAction SilentlyContinue
-             if ($tcp.TcpTestSucceeded) { Write-Host "TCP connection SUCCEEDED" } else { Write-Host -ForegroundColor Red "TCP connection FAILED" }
-             Write-Host "Detailed Info: $($tcp | Out-String)"
-        } catch {
-             Write-Host -ForegroundColor Red "Test-NetConnection failed to run: $_"
-        }
-
-        # 3. Proxy Detection
-        Write-Host "`n3. Checking System Proxy for $targetUrl..."
-        $proxy = [System.Net.WebRequest]::GetSystemWebProxy()
-        $proxyUri = $proxy.GetProxy($uri)
-        Write-Host "Effective Proxy: $proxyUri"
-        Write-Host "Is Bypassed: $($proxy.IsBypassed($uri))"
-
-    } catch {
-        Write-Host -ForegroundColor Red "An error occurred during network debug: $_"
-    }
-    Write-Host -ForegroundColor Cyan "--- NETWORK DEBUG END ---`n"
-}
-
 function Install-Roots-Pem {
-    Debug-Network -targetUrl "https://curl.se/ca/cacert.pem"
     $RootsPath = "${env:KOKORO_GFILE_DIR}/roots.pem"
 
     ForEach($attempt in (1, 2, 3)) {
         Write-Host -ForegroundColor Yellow "`n$(Get-Date -Format o) " `
             "Downloading roots.pem [$attempt]"
         try {
-            # 1. Download the Mozilla Bundle to memory string
-            # We avoid saving to disk immediately to prevent PowerShell from adding CRLF
+            # 1. Download the Mozilla Bundle
             $WebClient = New-Object System.Net.WebClient
             $MozillaCerts = $WebClient.DownloadString('https://curl.se/ca/cacert.pem')
 
-            # 2. Gather Windows System Certificates
-            # We check both 'Root' (Trusted Root CAs) and 'CA' (Intermediate CAs)
-            # as corporate proxies often sign with an Intermediate.
+            # 2. Gather Windows System Root Certificates
+            # This is required because some corporate/cloud environments inspect traffic
+            # using an intermediate CA present in the system store but not in Mozilla's bundle.
             Write-Host "Gathering Windows System Root Certificates..."
             $WindowsCerts = ""
             $storesToCheck = @("Root", "CA")
 
             foreach ($storeName in $storesToCheck) {
-                Write-Host -ForegroundColor Cyan "Processing Store: LocalMachine\$storeName"
                 $certStore = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList $storeName, "LocalMachine"
                 $certStore.Open('ReadOnly')
 
                 $certStore.Certificates | ForEach-Object {
                     $cert = $_
-                    Write-Host "  Adding: $($cert.Subject)"
-                    
-                    # Export to Base64
                     $b64 = [Convert]::ToBase64String($cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert), 'InsertLineBreaks')
-                    
-                    # Construct PEM with explicit Unix Newlines (\n)
                     $header = "-----BEGIN CERTIFICATE-----"
                     $footer = "-----END CERTIFICATE-----"
                     $WindowsCerts += "$header`n$b64`n$footer`n"
                 }
                 $certStore.Close()
             }
 
-            # 3. Write Combined File with Strict UNIX Line Endings (\n)
-            # We use .NET IO classes to bypass PowerShell's default CRLF behavior.
+            # 3. Write Combined File with strict Unix Line Endings (\n)
+            # BoringSSL/gRPC can sometimes have issues with Windows CRLF.
             Write-Host "Writing combined roots.pem with Unix LF line endings..."
             $FinalContent = $MozillaCerts + "`n" + $WindowsCerts
-            
-            # Normalize: Replace any Windows \r\n with Unix \n
-            # This is the CRITICAL FIX for BoringSSL/gRPC which can choke on Carriage Returns (\r)
             $FinalContent = $FinalContent -replace "`r`n", "`n"
 
             [System.IO.File]::WriteAllText($RootsPath, $FinalContent, [System.Text.Encoding]::ASCII)
-
-            # --- DEBUG START ---
-            Write-Host -ForegroundColor Cyan "`nDEBUG: Inspecting roots.pem..."
-            
-            # Check for Seams/Corruption
-            $corruption = Select-String -Path $RootsPath -Pattern "-----END CERTIFICATE----------BEGIN CERTIFICATE-----"
-            if ($corruption) {
-                Write-Host -ForegroundColor Red "FAIL: Found corrupted certificate boundaries!"
-            } else {
-                Write-Host -ForegroundColor Green "PASS: No certificate boundary corruption detected."
-            }
-
-            # Check for Carriage Returns (The "BoringSSL Killer")
-            if ($FinalContent.Contains("`r")) {
-                 Write-Host -ForegroundColor Red "FAIL: File still contains Carriage Returns (\r)!"
-            } else {
-                 Write-Host -ForegroundColor Green "PASS: File contains strict Unix Line Feeds (\n)."
-            }
-
-            Write-Host -ForegroundColor Cyan "`nDEBUG: Testing SSL connection to GCS..."
 
-            # Relax ErrorActionPreference so curl -v stderr doesn't crash the script
-            $OldEAP = $ErrorActionPreference
-            $ErrorActionPreference = "Continue"
-            
-            try {
-                & curl.exe --version
-                & curl.exe -v https://storage.googleapis.com --cacert $RootsPath 2>&1 | Out-Host
-                if ($LastExitCode -ne 0) {
-                    Write-Host -ForegroundColor Red "Curl exited with error code: $LastExitCode"
-                } else {
-                     Write-Host -ForegroundColor Green "Curl connection test PASSED."
-                }
-            } catch {
-                 Write-Host -ForegroundColor Red "Debug curl command failed unexpectedly: $_"
-            } finally {
-                $ErrorActionPreference = $OldEAP
-            }
-            # --- DEBUG END ---
-
             return
         } catch {
             Write-Host -ForegroundColor Yellow "`n$(Get-Date -Format o) download/setup error: $_"
-            if ($attempt -eq 3) {
-                 Debug-Network -targetUrl "https://storage.googleapis.com"
-            }
         }
         Start-Sleep -Seconds (60 * $attempt)
     }
-    Write-Host -ForegroundColor Red "cannot download roots.pem file."
+    Write-Host -ForegroundColor Red "cannot setup roots.pem file."
     Exit 1
 }