Add comment and rename some confusing method names.

kannanjgithub · kannanjgithub · commit 4c44e4c66806 · 2025-09-09T09:07:40.000Z
diff --git a/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderSslContextProvider.java b/xds/src/main/java/io/grpc/xds/internal/security/certprovider/CertProviderSslContextProvider.java
@@ -155,12 +155,12 @@ private void updateSslContextWhenReady() {
         updateSslContext();
         clearKeysAndCerts();
       }
-    } else if (isClientSideTls()) {
+    } else if (isNormalTlsAndClientSide()) {
       if (savedTrustedRoots != null || savedSpiffeTrustMap != null) {
         updateSslContext();
         clearKeysAndCerts();
       }
-    } else if (isServerSideTls()) {
+    } else if (isNormalTlsAndServerSide()) {
       if (savedKey != null) {
         updateSslContext();
         clearKeysAndCerts();
@@ -179,11 +179,13 @@ protected final boolean isMtls() {
     return certInstance != null && (rootCertInstance != null || isUsingSystemRootCerts);
   }
 
-  protected final boolean isClientSideTls() {
+  protected final boolean isNormalTlsAndClientSide() {
+    // We don't do (rootCertInstance != null || isUsingSystemRootCerts) here because of where this method is called
+    // from. With the rootCertInstance being null when using system root certs, there is nothing to update.
     return rootCertInstance != null && certInstance == null;
   }
 
-  protected final boolean isServerSideTls() {
+  protected final boolean isNormalTlsAndServerSide() {
     return certInstance != null && rootCertInstance == null;
   }
 

Original file line number	Diff line number	Diff line change
`@@ -155,12 +155,12 @@ private void updateSslContextWhenReady() {`
`155`	`155`	`updateSslContext();`
`156`	`156`	`clearKeysAndCerts();`
`157`	`157`	`}`
`158`		`- } else if (isClientSideTls()) {`
	`158`	`+ } else if (isNormalTlsAndClientSide()) {`
`159`	`159`	`if (savedTrustedRoots != null \|\| savedSpiffeTrustMap != null) {`
`160`	`160`	`updateSslContext();`
`161`	`161`	`clearKeysAndCerts();`
`162`	`162`	`}`
`163`		`- } else if (isServerSideTls()) {`
	`163`	`+ } else if (isNormalTlsAndServerSide()) {`
`164`	`164`	`if (savedKey != null) {`
`165`	`165`	`updateSslContext();`
`166`	`166`	`clearKeysAndCerts();`
`@@ -179,11 +179,13 @@ protected final boolean isMtls() {`
`179`	`179`	`return certInstance != null && (rootCertInstance != null \|\| isUsingSystemRootCerts);`
`180`	`180`	`}`
`181`	`181`
`182`		`- protected final boolean isClientSideTls() {`
	`182`	`+ protected final boolean isNormalTlsAndClientSide() {`
	`183`	`+ // We don't do (rootCertInstance != null \|\| isUsingSystemRootCerts) here because of where this method is called`
	`184`	`+ // from. With the rootCertInstance being null when using system root certs, there is nothing to update.`
`183`	`185`	`return rootCertInstance != null && certInstance == null;`
`184`	`186`	`}`
`185`	`187`
`186`		`- protected final boolean isServerSideTls() {`
	`188`	`+ protected final boolean isNormalTlsAndServerSide() {`
`187`	`189`	`return certInstance != null && rootCertInstance == null;`
`188`	`190`	`}`
`189`	`191`