chore: Refactor x509Provider to create a shared Utils class for Mtls by vverman · Pull Request #1907 · googleapis/google-auth-library-java

vverman · 2026-03-24T02:24:48Z

Fixes googleapis/google-cloud-java#12582

Addressed a concern raised by Andy refer.

Now X509Provider only exposes the necessary methods needed by the MtlsProvider interface

lqiu96 · 2026-03-24T18:54:20Z

+ *
+ * <p>For internal use only.
+ */
+public class SystemEnvironmentProvider implements EnvironmentProvider, Serializable {


qq, what is the difference between SystemEnvironmentProvider and EnvironmentProvider?

An EnvProvider is an interface which can be implemented by test-classes to pass in their own env variables.

The SystemEnvProvider implements this EnvProvider and implements the associated functions such that the env-variables are fetched from the system env.

Got it. Can you add @internalapi to this class and for SystemPropertyProvider?

lqiu96 · 2026-03-24T18:57:00Z

feat: Refactor x509Provider

Since this is a refactor, I'm going to change the title to chore: ... to reflect the type of change in the release notes. Thank you for helping with our backlog!

marcosgtz7 · 2026-03-24T21:19:26Z

E El martes, 24 de marzo de 2026, ***@***.***> escribió:

…

***@***.**** commented on this pull request. ------------------------------ In oauth2_http/java/com/google/auth/mtls/X509Provider.java <#1907 (comment)> : > + public X509Provider( + EnvironmentProvider envProvider, + PropertyProvider propProvider, + String certConfigPathOverride) { Thanks for the suggestion. I think we can leave this one out for now because I don't think the argument list is big enough to justify the Builder's inclusion and we don't anticipate any changes to X509Provider (in the short-term). In case this changes, we can implement it then. — Reply to this email directly, view it on GitHub <#1907?email_source=notifications&email_token=B5MKPO3RH26N37TDJ35VCOL4SL3TJA5CNFSNUABKM5UWIORPF5TWS5BNNB2WEL2QOVWGYUTFOF2WK43UKJSXM2LFO4XTIMBQGIZTKMBWGUYKM4TFMFZW63VKON2WE43DOJUWEZLEUVSXMZLOOSWGM33PORSXEX3DNRUWG2Y#discussion_r2984325705>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/B5MKPOZWHPYIKAJ5GNPMM5L4SL3TJAVCNFSM6AAAAACW43RKUSVHI2DSMVQWIX3LMV43YUDVNRWFEZLROVSXG5CSMV3GSZLXHM2DAMBSGM2TANRVGA> . You are receiving this because you are subscribed to this thread.Message ID: <googleapis/google-auth-library-java/pull/1907/review/4002350650@ github.com>

nbayati · 2026-03-31T22:52:41Z

+  private static String getExplicitCertConfigPath(IdentityPoolCredentialSource credentialSource) {
+    IdentityPoolCredentialSource.CertificateConfig certConfig =
+        credentialSource.getCertificateConfig();
+    return certConfig.useDefaultCertificateConfig()


Potential null pointer access: The variable certConfig may be null at this location

Thanks for the catch! I added a null pointer check!

lqiu96 · 2026-04-06T15:43:05Z

When this gets merged into main, I'll port this over to the monorepo.

lqiu96 · 2026-04-08T17:11:49Z

There is also new changes with the GraalVM job. Update with main should resolve that graalvm failure.

…ormed cert tests to X509Provider.

…1907) * feat: Refactor X509Provider * Added back accidentally removed tests. * Lint fixes * Addressed the PR comments. * Test for windows OS cert default path * lint fixes. * Added Copyright headers. * Addressed comments. * Test fix. * Added separate test class for mTLS-utils. Added missing cert and malformed cert tests to X509Provider. * Lint fix. Original-PR: googleapis/google-auth-library-java#1907

vverman requested review from a team as code owners March 24, 2026 02:24

product-auto-label Bot added the size: l Pull request size is large. label Mar 24, 2026

vverman force-pushed the refactor-x509-provider branch from 1500bea to f78ed98 Compare March 24, 2026 03:02

vverman requested a review from lqiu96 March 24, 2026 03:04