Save changes.

kannanjgithub · kannanjgithub · commit 6c1898a7d90a · 2025-09-08T12:29:14.000Z
diff --git a/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java b/xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java
@@ -563,7 +563,7 @@ private UpstreamTlsContext setBootstrapInfoAndBuildUpstreamTlsContextForUsingSys
           CertificateValidationContext.newBuilder()
               .setSystemRootCerts(
                   CertificateValidationContext.SystemRootCerts.newBuilder().build())
-              .build(), false);
+              .build());
     }
     return CommonTlsContextTestsUtil.buildNewUpstreamTlsContextForCertProviderInstance(
         "google_cloud_private_spiffe-client", "ROOT", null,
diff --git a/xds/src/test/java/io/grpc/xds/internal/security/ClientSslContextProviderFactoryTest.java b/xds/src/test/java/io/grpc/xds/internal/security/ClientSslContextProviderFactoryTest.java
@@ -74,7 +74,7 @@ public void createCertProviderClientSslContextProvider() throws XdsInitializatio
             "gcp_id",
             "root-default",
             /* alpnProtocols= */ null,
-            /* staticCertValidationContext= */ null, false);
+            /* staticCertValidationContext= */ null);
 
     Bootstrapper.BootstrapInfo bootstrapInfo = CommonBootstrapperTestUtils.getTestBootstrapInfo();
     clientSslContextProviderFactory =
@@ -105,7 +105,7 @@ public void bothPresent_expectCertProviderClientSslContextProvider()
             "gcp_id",
             "root-default",
             /* alpnProtocols= */ null,
-            /* staticCertValidationContext= */ null, false);
+            /* staticCertValidationContext= */ null);
 
     CommonTlsContext.Builder builder = upstreamTlsContext.getCommonTlsContext().toBuilder();
     builder = addFilenames(builder, "foo.pem", "foo.key", "root.pem");
@@ -135,7 +135,7 @@ public void createCertProviderClientSslContextProvider_onlyRootCert()
                     "gcp_id",
                     "root-default",
                     /* alpnProtocols= */ null,
-                    /* staticCertValidationContext= */ null, false);
+                    /* staticCertValidationContext= */ null);
 
     Bootstrapper.BootstrapInfo bootstrapInfo = CommonBootstrapperTestUtils.getTestBootstrapInfo();
     clientSslContextProviderFactory =
@@ -169,7 +169,7 @@ public void createCertProviderClientSslContextProvider_withStaticContext()
                     "gcp_id",
                     "root-default",
                     /* alpnProtocols= */ null,
-                    staticCertValidationContext, false);
+                    staticCertValidationContext);
 
     Bootstrapper.BootstrapInfo bootstrapInfo = CommonBootstrapperTestUtils.getTestBootstrapInfo();
     clientSslContextProviderFactory =
@@ -199,7 +199,7 @@ public void createCertProviderClientSslContextProvider_2providers()
             "file_provider",
             "root-default",
             /* alpnProtocols= */ null,
-            /* staticCertValidationContext= */ null, false);
+            /* staticCertValidationContext= */ null);
 
     Bootstrapper.BootstrapInfo bootstrapInfo = CommonBootstrapperTestUtils.getTestBootstrapInfo();
     clientSslContextProviderFactory =
diff --git a/xds/src/test/java/io/grpc/xds/internal/security/CommonTlsContextTestsUtil.java b/xds/src/test/java/io/grpc/xds/internal/security/CommonTlsContextTestsUtil.java
@@ -165,7 +165,7 @@ public static EnvoyServerProtoData.UpstreamTlsContext buildUpstreamTlsContext(
         commonInstanceName,
         "ROOT",
         null,
-        null, false);
+        null);
   }
 
   /** Gets a cert from contents of a resource. */
@@ -182,8 +182,7 @@ private static CommonTlsContext buildCommonTlsContextForCertProviderInstance(
       String rootInstanceName,
       String rootCertName,
       Iterable<String> alpnProtocols,
-      CertificateValidationContext staticCertValidationContext,
-      boolean useSystemRootCerts) {
+      CertificateValidationContext staticCertValidationContext) {
     CommonTlsContext.Builder builder = CommonTlsContext.newBuilder();
     if (certInstanceName != null) {
       builder =
@@ -194,8 +193,7 @@ private static CommonTlsContext buildCommonTlsContextForCertProviderInstance(
     }
     builder =
         addCertificateValidationContext(
-            builder, rootInstanceName, rootCertName, staticCertValidationContext,
-                useSystemRootCerts);
+            builder, rootInstanceName, rootCertName, staticCertValidationContext);
     if (alpnProtocols != null) {
       builder.addAllAlpnProtocols(alpnProtocols);
     }
@@ -230,8 +228,7 @@ private static CommonTlsContext.Builder addCertificateValidationContext(
       CommonTlsContext.Builder builder,
       String rootInstanceName,
       String rootCertName,
-      CertificateValidationContext staticCertValidationContext,
-      boolean useSystemRootCerts) {
+      CertificateValidationContext staticCertValidationContext) {
     CertificateValidationContext.Builder contextBuilder;
     if (staticCertValidationContext == null) {
       contextBuilder = CertificateValidationContext.newBuilder();
@@ -243,10 +240,6 @@ private static CommonTlsContext.Builder addCertificateValidationContext(
           .setInstanceName(rootInstanceName)
           .setCertificateName(rootCertName));
       builder.setValidationContext(contextBuilder.build());
-    } else if (useSystemRootCerts) {
-      builder.setValidationContext(contextBuilder.setSystemRootCerts(
-          CertificateValidationContext.SystemRootCerts.getDefaultInstance())
-              .build());
     }
     return builder.setCombinedValidationContext(CombinedCertificateValidationContext.newBuilder()
         .setDefaultValidationContext(contextBuilder));
@@ -280,17 +273,15 @@ private static CommonTlsContext.Builder addNewCertificateValidationContext(
           @Nullable String rootInstanceName,
           @Nullable String rootCertName,
           Iterable<String> alpnProtocols,
-          CertificateValidationContext staticCertValidationContext,
-          boolean useSystemRootCerts) {
+          CertificateValidationContext staticCertValidationContext) {
     return buildUpstreamTlsContext(
         buildCommonTlsContextForCertProviderInstance(
             certInstanceName,
             certName,
             rootInstanceName,
             rootCertName,
             alpnProtocols,
-            staticCertValidationContext,
-            useSystemRootCerts));
+            staticCertValidationContext));
   }
 
   /** Helper method to build UpstreamTlsContext for CertProvider tests. */
@@ -329,8 +320,8 @@ private static CommonTlsContext.Builder addNewCertificateValidationContext(
             rootInstanceName,
             rootCertName,
             alpnProtocols,
-            staticCertValidationContext,
-false), requireClientCert);
+            staticCertValidationContext),
+        requireClientCert);
   }
 
   /** Helper method to build DownstreamTlsContext for CertProvider tests. */
diff --git a/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProviderTest.java b/xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProviderTest.java
@@ -74,15 +74,26 @@ private CertProviderClientSslContextProvider getSslContextProvider(
           Iterable<String> alpnProtocols,
           CertificateValidationContext staticCertValidationContext,
           boolean useSystemRootCerts) {
-    EnvoyServerProtoData.UpstreamTlsContext upstreamTlsContext =
-        CommonTlsContextTestsUtil.buildUpstreamTlsContextForCertProviderInstance(
-            certInstanceName,
-            "cert-default",
-            rootInstanceName,
-            "root-default",
-            alpnProtocols,
-            staticCertValidationContext,
-            useSystemRootCerts);
+    EnvoyServerProtoData.UpstreamTlsContext upstreamTlsContext;
+    if (useSystemRootCerts) {
+      upstreamTlsContext =
+              CommonTlsContextTestsUtil.buildNewUpstreamTlsContextForCertProviderInstance(
+                      certInstanceName,
+                      "cert-default",
+                      rootInstanceName,
+                      "root-default",
+                      alpnProtocols,
+                      staticCertValidationContext);
+    } else {
+      upstreamTlsContext =
+              CommonTlsContextTestsUtil.buildUpstreamTlsContextForCertProviderInstance(
+                      certInstanceName,
+                      "cert-default",
+                      rootInstanceName,
+                      "root-default",
+                      alpnProtocols,
+                      staticCertValidationContext);
+    }
     return (CertProviderClientSslContextProvider)
         certProviderClientSslContextProviderFactory.getProvider(
             upstreamTlsContext,
@@ -187,7 +198,9 @@ public void testProviderForClient_systemRootCerts() throws Exception {
                     null,
                     CommonBootstrapperTestUtils.getTestBootstrapInfo(),
                     /* alpnProtocols= */ null,
-                    /* staticCertValidationContext= */ null,
+                    CertificateValidationContext.newBuilder()
+                            .setSystemRootCerts(CertificateValidationContext.SystemRootCerts.getDefaultInstance())
+                            .build(),
                     true);
 
     assertThat(provider.savedKey).isNull();

Original file line number	Diff line number	Diff line change
`@@ -563,7 +563,7 @@ private UpstreamTlsContext setBootstrapInfoAndBuildUpstreamTlsContextForUsingSys`
`563`	`563`	`CertificateValidationContext.newBuilder()`
`564`	`564`	`.setSystemRootCerts(`
`565`	`565`	`CertificateValidationContext.SystemRootCerts.newBuilder().build())`
`566`		`- .build(), false);`
	`566`	`+ .build());`
`567`	`567`	`}`
`568`	`568`	`return CommonTlsContextTestsUtil.buildNewUpstreamTlsContextForCertProviderInstance(`
`569`	`569`	`"google_cloud_private_spiffe-client", "ROOT", null,`