fix: simplify implementation

diegomarquezp · diegomarquezp · commit 3f4387b9d034 · 2026-05-25T14:43:55.000-04:00
diff --git a/google-http-client/src/main/java/com/google/api/client/http/javanet/NetHttpTransport.java b/google-http-client/src/main/java/com/google/api/client/http/javanet/NetHttpTransport.java
@@ -95,7 +95,8 @@ private static Proxy defaultProxy() {
   private final boolean isMtls;
 
   /**
-   * Returns the default SSL socket factory, which is PQC-enabled if Bouncy Castle JJSSE is on the classpath.
+   * Returns the default SSL socket factory, which is PQC-enabled if Bouncy Castle JJSSE is on the
+   * classpath.
    */
   private static SSLSocketFactory getDefaultSslSocketFactory() {
     try {
@@ -146,8 +147,7 @@ public NetHttpTransport() {
       HostnameVerifier hostnameVerifier,
       boolean isMtls) {
     this.connectionFactory = getConnectionFactory(connectionFactory);
-    // Securely wrap the socket factory to enforce PQC hybrid negotiation scope-specifically
-    this.sslSocketFactory = sslSocketFactory != null ? new PqcDelegatingSSLSocketFactory(sslSocketFactory) : null;
+    this.sslSocketFactory = sslSocketFactory;
     this.hostnameVerifier = hostnameVerifier;
     this.isMtls = isMtls;
   }
@@ -310,26 +310,30 @@ public Builder trustCertificates(KeyStore trustStore) throws GeneralSecurityExce
     }
 
     /**
-     * Sets the SSL socket factory based on a root certificate trust store and a specific security provider.
+     * Sets the SSL socket factory based on a root certificate trust store and a specific security
+     * provider.
      *
      * @param trustStore certificate trust store
      * @param provider security provider to use for SSL context
      * @since 1.39
      */
-    public Builder trustCertificates(KeyStore trustStore, Provider provider) throws GeneralSecurityException {
+    public Builder trustCertificates(KeyStore trustStore, Provider provider)
+        throws GeneralSecurityException {
       SSLContext sslContext = SslUtils.getTlsSslContext(provider);
       SslUtils.initSslContext(sslContext, trustStore, SslUtils.getPkixTrustManagerFactory());
       return setSslSocketFactory(sslContext.getSocketFactory());
     }
 
     /**
-     * Sets the SSL socket factory based on a root certificate trust store and a specific security provider name.
+     * Sets the SSL socket factory based on a root certificate trust store and a specific security
+     * provider name.
      *
      * @param trustStore certificate trust store
      * @param providerName security provider name to use for SSL context
      * @since 1.39
      */
-    public Builder trustCertificates(KeyStore trustStore, String providerName) throws GeneralSecurityException {
+    public Builder trustCertificates(KeyStore trustStore, String providerName)
+        throws GeneralSecurityException {
       try {
         SSLContext sslContext = SslUtils.getTlsSslContext(providerName);
         SslUtils.initSslContext(sslContext, trustStore, SslUtils.getPkixTrustManagerFactory());
@@ -412,7 +416,8 @@ public NetHttpTransport build() {
       if (System.getProperty(SHOULD_USE_PROXY_FLAG) != null) {
         setProxy(defaultProxy());
       }
-      SSLSocketFactory factory = sslSocketFactory != null ? sslSocketFactory : getDefaultSslSocketFactory();
+      SSLSocketFactory factory =
+          sslSocketFactory != null ? sslSocketFactory : getDefaultSslSocketFactory();
       return this.proxy == null
           ? new NetHttpTransport(connectionFactory, factory, hostnameVerifier, isMtls)
           : new NetHttpTransport(this.proxy, factory, hostnameVerifier, isMtls);
diff --git a/google-http-client/src/main/java/com/google/api/client/http/javanet/PqcDelegatingSSLSocketFactory.java b/google-http-client/src/main/java/com/google/api/client/http/javanet/PqcDelegatingSSLSocketFactory.java
diff --git a/google-http-client/src/main/java/com/google/api/client/util/SslUtils.java b/google-http-client/src/main/java/com/google/api/client/util/SslUtils.java
@@ -20,6 +20,7 @@
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
 import java.security.Provider;
+import java.security.Security;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import javax.net.ssl.HostnameVerifier;
@@ -29,9 +30,8 @@
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
 import javax.net.ssl.X509TrustManager;
-import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import java.security.Security;
+import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;
 
 /**
  * SSL utilities.
@@ -51,25 +51,27 @@ public static SSLContext getSslContext() throws NoSuchAlgorithmException {
   }
 
   /**
-   * Returns the SSL context for "TLS" algorithm using Bouncy Castle JJSSE provider scope-specifically.
+   * Returns the SSL context for "TLS" algorithm using Bouncy Castle JJSSE provider
+   * scope-specifically.
    *
-   * @since 1.14
+   * @since 2.1.1
    */
   public static SSLContext getTlsSslContext() throws NoSuchAlgorithmException {
     // 1. Explicitly register Bouncy Castle cryptographic provider globally if not already present.
     if (Security.getProvider("BC") == null) {
       Security.addProvider(new BouncyCastleProvider());
     }
-    
+
     // 2. Explicitly instantiate Bouncy Castle cryptographic (JCA) provider instance.
     BouncyCastleProvider cryptoProvider = new BouncyCastleProvider();
-    
+
     // 3. Explicitly instantiate Bouncy Castle JJSSE provider bound to our crypto provider.
     BouncyCastleJsseProvider provider = new BouncyCastleJsseProvider(cryptoProvider);
-    
-    // 3. Create standard TLS context instance bound specifically to our Bouncy Castle JJSSE provider.
+
+    // 3. Create standard TLS context instance bound specifically to our Bouncy Castle JJSSE
+    // provider.
     SSLContext bcContext = SSLContext.getInstance("TLS", provider);
-    
+
     try {
       // 4. Initialize the Bouncy Castle SSLContext with default managers.
       bcContext.init(null, null, null);
@@ -86,7 +88,7 @@ public static SSLContext getTlsSslContext() throws NoSuchAlgorithmException {
       }
       return fallbackContext;
     }
-    
+
     // 6. Return the raw Bouncy Castle SSLContext.
     return bcContext;
   }
@@ -96,8 +98,7 @@ public static SSLContext getTlsSslContext() throws NoSuchAlgorithmException {
    *
    * @since 1.39
    */
-  public static SSLContext getTlsSslContext(Provider provider)
-      throws NoSuchAlgorithmException {
+  public static SSLContext getTlsSslContext(Provider provider) throws NoSuchAlgorithmException {
     return SSLContext.getInstance("TLS", provider);
   }
 
