
Commit 0d5eb0a

committed
Fix certs not updated for handshake.
1 parent f135943 commit 0d5eb0a


1 file changed

+10
-3
lines changed


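--- a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderSslContextProvider.java
+++ b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderSslContextProvider.java
@@ -40,10 +40,13 @@ abstract class CertProviderSslContextProvider extends DynamicSslContextProvider
 
 @Nullable private final NoExceptionCloseable certHandle;
 @Nullable private final NoExceptionCloseable rootCertHandle;
+@Nullable private final CertificateProviderInstance certInstance;
+@Nullable protected final CertificateProviderInstance rootCertInstance;
 @Nullable protected PrivateKey savedKey;
 @Nullable protected List<X509Certificate> savedCertChain;
 @Nullable protected List<X509Certificate> savedTrustedRoots;
 @Nullable protected Map<String, List<X509Certificate>> savedSpiffeTrustMap;
+private final boolean isUsingSystemRootCerts;
 
 protected CertProviderSslContextProvider(
 Node node,
@@ -54,6 +57,10 @@ protected CertProviderSslContextProvider(
 BaseTlsContext tlsContext,
 CertificateProviderStore certificateProviderStore) {
 super(tlsContext, staticCertValidationContext);
+this.certInstance = certInstance;
+this.rootCertInstance = rootCertInstance;
+this.isUsingSystemRootCerts = rootCertInstance == null
+&& CommonTlsContextUtil.isUsingSystemRootCerts(tlsContext.getCommonTlsContext());
 boolean createCertInstance = certInstance != null && certInstance.isInitialized();
 boolean createRootCertInstance = rootCertInstance != null && rootCertInstance.isInitialized();
 boolean sharedCertInstance = createCertInstance && createRootCertInstance
@@ -186,15 +193,15 @@ private void clearKeysAndCerts() {
 }
 
 protected final boolean isMtls() {
-return certHandle != null && rootCertHandle != null;
+return certInstance != null && (rootCertInstance != null || isUsingSystemRootCerts);
 }
 
 protected final boolean isClientSideTls() {
-return rootCertHandle != null && certHandle == null;
+return rootCertInstance != null && certInstance == null;
 }
 
 protected final boolean isServerSideTls() {
-return certHandle != null && rootCertHandle == null;
+return certInstance != null && rootCertInstance == null;
 }
 
 @Override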
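Review bot: The three role predicates in the last hunk are no longer mutually exclusive: when `certInstance` is set, `rootCertInstance` is null and `isUsingSystemRootCerts` is true, both `isMtls()` and `isServerSideTls()` return true. Which one wins depends on the order in which callers test them, and those callers are outside this page; if any of them tests `isServerSideTls()` first, a configuration meant to verify the peer against the system roots could presumably end up built as one-way TLS. Consider `return certInstance != null && rootCertInstance == null && !isUsingSystemRootCerts;` in `isServerSideTls()`, and check whether `isClientSideTls()` should also accept `isUsingSystemRootCerts` when `certInstance` is null, since in that case all three predicates currently return false. The predicates now reflect what is configured rather than an obtained handle, so a short comment such as `// true as soon as the instance is configured; savedKey/savedTrustedRoots may still be null` above them would tell readers that readiness has to be checked separately.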
